IPsec [New] Missing field for both end peer ID configuration

Started by funfuck1337, May 05, 2024, 01:38:12 PM

I am setting up an S2S IPsec transport tunnel. Spec as below:

A end: dynamic IP, FQDN provided
B end: static IP, Debian with strongswan installed.

The setup went fine and was straightforward.

The problem is that the OPNsense phase 1 connection config has an address field only. There is no way to configure the peer ID for both ends...

And that causes the A-end with a dynamic IP to never initiate the IPsec connection, with the lines below logged...
Informational charon 12[CFG] <|3> no IDi configured, fall back on IP address
Informational charon 12[IKE] <|3> authentication of '[WAN_IP4]' (myself) with pre-shared key
Informational charon 12[IKE] <|3> no shared key found for '[WAN_IP4]' - '%any'

The workaround is to configure the B-end to always be the initiator. But it is not healthy.
Because next I had to set up another S2S tunnel where both ends have dynamic IPs...

I would like to know if there is a way to get rid of this, or could I add the peer ID manually in the file?
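For reference, this is how explicit IKE identities are pinned on the strongSwan (B-end) side in swanctl.conf, so the PSK is looked up by the A-end's FQDN identity rather than by its changing address and the "no IDi configured, fall back on IP address" path is not taken. This is an added illustration, not the poster's configuration or an OPNsense file; the connection name, FQDNs, address and secret are placeholders.

```conf
# swanctl.conf on the B end (static IP, Debian/strongSwan).
# Added illustration; all names and values below are placeholders.
connections {
    s2s-a-end {
        # B end answers on its static address; the A end may come from anywhere.
        local_addrs  = 203.0.113.10
        remote_addrs = %any
        version      = 2
        proposals    = aes256-sha256-modp2048

        local {
            auth = psk
            # Identity this side presents (IDr); the A end must expect this value.
            id = @b-end.example.net
        }
        remote {
            auth = psk
            # Match the A end by its FQDN identity (IDi), not by its dynamic IP.
            id = @a-end.example.net
        }
        children {
            transport-a-b {
                # Transport mode between the two peers; traffic selectors default
                # to the peers' own addresses ("dynamic").
                mode          = transport
                esp_proposals = aes256gcm16
            }
        }
    }
}

secrets {
    ike-a-end {
        # PSK bound to both identities so the lookup keys on the IDs above
        # instead of falling back to '[address]' - '%any'.
        id-a   = @a-end.example.net
        id-b   = @b-end.example.net
        secret = "REPLACE-WITH-A-STRONG-RANDOM-PSK"
    }
}
```

The A end then has to send the matching identity (@a-end.example.net) as its local ID; if its IKE configuration cannot set one, it falls back to its current IP, which is exactly the mismatch shown in the charon log above.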