I am setting up an S2S IPsec transport tunnel. Spec as below:
A end: dynamic IP, FQDN provided
B end: static IP, Debian with strongswan installed.
The setup went all good and straightforward.
The problem is that the OPNsense phase 1 connection config has an address field only. There is no way to configure the peer ID for either end...
(https://s2.loli.net/2024/05/05/lQaqFDfbcTLrGY6.png) (https://sm.ms/image/lQaqFDfbcTLrGY6)
And that causes the A-end with a dynamic IP to never initiate the IPsec connection, with the below lines logged...
Informational charon 12[CFG] <|3> no IDi configured, fall back on IP address
Informational charon 12[IKE] <|3> authentication of '[WAN_IP4]' (myself) with pre-shared key
Informational charon 12[IKE] <|3> no shared key found for '[WAN_IP4]' - '%any'
The workaround is to configure the B-end to always be the initiator. But it is not healthy.
Because next I had to set up another S2S tunnel where both ends have dynamic IPs...
I would like to know if there is a way to get rid of this, or could I add the peer ID manually in the file?
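For the Debian/strongSwan B end described in the post, an added example (not from the original post) of a swanctl.conf that pins both peers' IKE identities to FQDNs, so the PSK lookup keys on the identities rather than on whatever WAN address the dynamic A end currently has. The hostnames, the static address 203.0.113.10 and the secret are placeholders; the A end must present the same identities for the match to succeed.

```ini
# /etc/swanctl/conf.d/site-b.conf  (constructed example, placeholders throughout)
connections {
    site-a {
        version = 2                      # IKEv2: identities are carried in IDi/IDr, not tied to the source IP
        local_addrs  = 203.0.113.10      # B end's static address (placeholder)
        remote_addrs = %any              # A end has a dynamic IP, so accept any source address
        dpd_delay = 30s                  # detect a peer whose address changed and let it re-establish

        local {
            auth = psk
            id = siteb.example.com       # explicit IDr: no "fall back on IP address" on this side
        }
        remote {
            auth = psk
            id = sitea.example.com       # explicit IDi expected from the dynamic peer (placeholder FQDN)
        }
        children {
            site-a-transport {
                mode = transport         # post describes a transport-mode S2S setup
                start_action = none      # B end stays the responder; the dynamic end initiates
                dpd_action = clear
            }
        }
    }
}

secrets {
    # PSK selected by the two identities above, so the peer's changing WAN IP is irrelevant
    ike-site-a {
        id-1 = sitea.example.com
        id-2 = siteb.example.com
        secret = "CHANGE_ME_PLACEHOLDER_PSK"
    }
}
```

Reload with `swanctl --load-all` and watch `swanctl --log`: with both sides sending FQDN identities, the "no shared key found for '<IP>' - '%any'" lookup failure no longer occurs, because the secret is matched on sitea.example.com / siteb.example.com instead of on addresses.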