On 2021-04-01, Justin Mayes <jma...@perdoceoed.com> wrote: > Hello everyone > > Just wanted to check my sanity after so many days. I have ikev2 setup working > for windows machine for a long time using the following. So, to repeat this > works, it connects fine. > > ikev2 passive esp \ > from 0.0.0.0/0 to 10.0.5.0/24 \
10.0.5.0/24 should be "to 0.0.0.0" in <=6.8, or "to dynamic" in -current/6.9 > peer any local 50.247.187.177 \ > srcid 50.247.187.177 \ > config address 10.0.5.0/24 > > now I have a second windows client with a different certificate that I also > want to connect at the same time but client B will disconnect client A. I > need to add a dstid to this config to make specific entries for each machine > I believe using ASN1_DN such as this? Or is there better way for clients with > no fixed IP or FQDN? It has been said that you should be able to match by dstid with iked, but I have been unable to make that work.
