Fully meshed VPN Sessions using right=%any is not working
I am trying to set up a fully meshed tunnel between 3 Nodes.
Here is how I am setting up the connection in each Node:
/etc/ipsec.conf at NODE_1
conn NODE_1
    leftsendcert=always
    keyexchange=ikev2
    left=%any
    leftauth=pubkey
    leftcert=/flash/node-1-cert.pem
    right=%any <<<<<<<<<<<<<<<<<<<<<<<<<<
    auto=route
    rightid=%any
    rightauth=pubkey
    ikelifetime=60m
    keylife=1440m
    rekeymargin=3m
    keyingtries=1
    compress=no
    esp=aes256-sha1-modp2048!
    ike=aes256-sha1-modp2048!
    installpolicy=yes
    type=transport
    leftikeport=4500
    rightikeport=4500
    leftprotoport=1
    rightprotoport=1
My Topology for 3 Nodes:
========================
Node_1 --------------------- Node_2
(22.214.171.124)     |       (126.96.36.199)
                     |
                Node_3 (188.8.131.52)
When I ping from Node_1 to Node_2 or Node_3 (ping 184.108.40.206 or 220.127.116.11),
it does not trigger IKE. It goes clear-text?
Can I get some help on this?
IBM, California, US
#1 Updated by Sisir Chowdhury almost 7 years ago
Basically my question is -- when I set up the config I wouldn't know the peer IP addresses.
Can the IP Destination of "ping" be used as Remote peer to establish the session?
On both the Initiator and Responder I can leave the right=%any then. We are trying
to use it for a large-scale config (20 Clustered Nodes). Any help in this regard will
be highly appreciated.