Issue #513
Fully meshed VPN Sessions using right=%any is not working
Description
I am trying to set up a fully meshed tunnel between 3 Nodes.
Here is how I am setting up the connection in each Node:
/etc/ipsec.conf at NODE_1
conn NODE_1
    leftsendcert=always
    keyexchange=ikev2
    left=%any
    leftauth=pubkey
    leftcert=/flash/node-1-cert.pem
    right=%any   <<<<<<<<<<<<<<<<<<<<<<<<<<
    auto=route
    rightid=%any
    rightauth=pubkey
    ikelifetime=60m
    keylife=1440m
    rekeymargin=3m
    keyingtries=1
    compress=no
    esp=aes256-sha1-modp2048!
    ike=aes256-sha1-modp2048!
    installpolicy=yes
    type=transport
    leftikeport=4500
    rightikeport=4500
    leftprotoport=1
    rightprotoport=1
My Topology for 3 Nodes:
========================
Node_1 --------------------- Node_2
(1.1.1.1)        |           (1.1.1.2)
                 |
               Node_3
              (1.1.1.3)
When I ping from Node_1 to Node_2 or Node_3 (ping 1.1.1.2 or 1.1.1.3),
it does not trigger IKE. It goes clear-text?
Can I get some help on this?
Thanks..Sisir
IBM, California, US
Related issues
History
#1 Updated by Sisir Chowdhury almost 7 years ago
Basically my question is -- when I set up the config I wouldn't know the peer IP addresses.
Can the IP Destination of "ping" be used as Remote peer to establish the session?
On both the Initiator and Responder I can leave the right=%any then. We are trying
to use it for a large scale config (20 Clustered Nodes). Any help in this regard will
be highly appreciated.
Thanks..Sisir
#2 Updated by Tobias Brunner almost 7 years ago
- Blocked by Feature #196: Add support for right=%any (for auto=route) added
#3 Updated by Tobias Brunner over 5 years ago
- Status changed from New to Closed
- Assignee set to Tobias Brunner
- Priority changed from High to Normal
- Resolution set to Fixed
See #196-6 for details.
#4 Updated by Tobias Brunner over 5 years ago
- Description updated (diff)