Unable to initiate vpn connection with %any in swanctl

Hi,
I'm using swanctl to configure an IPsec VPN. Using remote address = any, it shows an error:

swanctl --initiate --ike head
[IKE] unable to resolve %any, initiate aborted
initiate failed: establishing IKE_SA 'head' failed

swanctl.conf:

connections {
  head {
    local_addrs = %any
    remote_addrs = %any
    fragmentation = yes
    local {
      auth = psk
    }
    remote {
      auth = psk
    }
    children {
      tun_headquarters {
        local_ts = 192.168.1.0/24
        remote_ts = 192.168.2.0/24
        if_id_in = 308
        if_id_out = 308
        start_action = trap
        esp_proposals = aes128-sha1-modp2048
        mode = tunnel
        life_time = 66m
        rekey_time = 1h
        dpd_action = start
      }
    }
    version = 2
    mobike = no
    rekey_time = 4h
    over_time = 24m
    proposals = aes128-sha1-modp2048
    dpd_delay = 30s
    keyingtries = 3
  }
}

secrets {
  ike {
    secret = 0987654321
  }
}

I don't know where I'm making a mistake. Any help will be appreciated.
Thanks

It's been a while since I had to deal with IPsec, but if your peer has no static addr you cannot init, only start. One peer has to have a static address at least.

I also tried with a local static IP and remote = any; it gives the same error.

https://manpages.debian.org/testing/strongswan-swanctl/swanctl.conf.5.en.html#connections.conn.remote_addrs


If your remote peer has no static address and no FQDN, then the host does not know where to connect to, therefore the connection cannot be initialized. It can only listen and wait for a connection attempt. Please make yourself familiar with IPsec in general and strongSwan in particular and read the man page @pavelgl has linked to.
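
Added example, not part of the thread: the two roles the replies describe, side by side in swanctl.conf form. The address 203.0.113.10 (a documentation address) and the names `branch` and `tun_branch` are hypothetical; the `secrets` section and the remaining options from the question are omitted and would stay as they are.

```conf
# Constructed example: 203.0.113.10 is a documentation address standing in
# for the headquarters gateway.

# --- swanctl.conf on the side that initiates ---
connections {
  head {
    version = 2
    local_addrs = %any
    # Initiator: needs a concrete IP address or a resolvable DNS name.
    remote_addrs = 203.0.113.10
    local {
      auth = psk
    }
    remote {
      auth = psk
    }
    children {
      tun_headquarters {
        local_ts = 192.168.1.0/24
        remote_ts = 192.168.2.0/24
        start_action = trap
      }
    }
  }
}

# --- swanctl.conf on the headquarters gateway (responder) ---
connections {
  branch {
    version = 2
    local_addrs = 203.0.113.10
    # Responder: %any accepts an initiator from any source address.
    remote_addrs = %any
    local {
      auth = psk
    }
    remote {
      auth = psk
    }
    children {
      tun_branch {
        local_ts = 192.168.2.0/24
        remote_ts = 192.168.1.0/24
        # start_action left at its default (none): nothing to initiate to.
      }
    }
  }
}
```

With `remote_addrs = %any` and PSK authentication, any host that knows the secret can establish the SA, so the responder side depends on a long random PSK and on matching peer identities.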
