Stuart Henderson
2021-04-02 08:47:58 UTC
Hello everyone
Just wanted to check my sanity after so many days. I have had an ikev2 setup working for a Windows machine for a long time using the following. So, to repeat, this works; it connects fine.
ikev2 passive esp \
from 0.0.0.0/0 to 10.0.5.0/24 \
10.0.5.0/24 should be "to 0.0.0.0" in <=6.8, or "to dynamic" in -current/6.9
peer any local 50.247.187.177 \
srcid 50.247.187.177 \
config address 10.0.5.0/24
Now I have a second Windows client with a different certificate that I also want to connect at the same time, but client B will disconnect client A. I need to add a dstid to this config to make specific entries for each machine, I believe, using ASN1_DN such as this? Or is there a better way for clients with no fixed IP or FQDN?
It has been said that you should be able to match by dstid with iked, but I have been unable to make that work.