VPN: Local VPN ID choices when using Pre-Shared-Key

If one side of a VPN is another product, it might not accept an 'ANY Remote VPN ID' option, while the UTM doesn't have a fixed IP.
Thus, the other VPN gateway doesn't know the UTM IP, so it cannot use the IP as peer VPN ID. UTM cannot change its local VPN ID when we set up the Authentication type as Pre-Shared Key. The default local VPN ID is the external IP address and cannot be changed.

Please support changing the local VPN ID when the Authentication type is Pre-Shared Key, so that we can use a hostname or email address as the VPN ID.

64 votes
James Li shared this idea

    5 comments

      • coewar commented

        Bob, this entire problem would not exist if Astaro GUI would allow use of the LEFTID setting in the strongSwan config file. It would allow us to tell the router to use whatever IP we want for the peer setting, and we'd select to use the router's NAT'ed public IP which would entirely eliminate this issue.

      • Bob Alfson commented

        James, it sounds like your Remote Gateway for that other side is in "Respond only" mode. Replace that with a different Remote Gateway in "Initiate connection" and you should have the ability to do what you want. 'Respond only' is only used when the other end has to call you because you don't know their IP.

        I also commented on coewar's thread link below.

      • coewar commented

        Forgot one thing. This would not be complete if it also did not carry that into the ipsec.secret file. At the least, if you allow setting the MYID and LEFTID settings, those values have to carry over into the ipsec.secret file for the PSKs to work.
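
The dependency raised in the last comment, as an added example that is not part of the thread and not the product's own code: a small check that every PSK connection's `leftid` in a strongSwan-style `ipsec.conf` also appears as a selector on a PSK line in `ipsec.secrets`. The sample files, hostnames, addresses and secret are constructed, and the matching rule is a simplification that checks only the local ID.

```python
import re

# Constructed samples (not from the thread): hostnames, IPs and the secret are placeholders.
IPSEC_CONF = """\
conn to-peer
    authby=secret
    leftid=@utm.example.com
    right=203.0.113.10
    rightid=@peer.example.com
"""
SECRETS_CARRIED = '@utm.example.com @peer.example.com : PSK "placeholder"\n'
SECRETS_IP_ONLY = '198.51.100.7 203.0.113.10 : PSK "placeholder"\n'

def parse_conns(text):
    """Return {conn name: {option: value}} for ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section header, e.g. "conn to-peer"
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def psk_selectors(text):
    """Return one selector set per PSK line (IPv6 selectors not handled)."""
    sets = []
    for raw in text.splitlines():
        m = re.match(r"([^:#]*):\s*PSK\s", raw)
        if m:
            sets.append({s.lstrip("@") for s in m.group(1).split()})
    return sets

def conns_missing_psk(conf_text, secrets_text):
    """Names of PSK conns whose leftid matches no PSK line (simplified rule)."""
    selector_sets = psk_selectors(secrets_text)
    missing = []
    for name, opts in parse_conns(conf_text).items():
        if opts.get("authby") not in ("secret", "psk") or "leftid" not in opts:
            continue
        local_id = opts["leftid"].lstrip("@")
        # Assumption: a line with no selectors, or with %any, applies to every ID.
        if not any(not s or "%any" in s or local_id in s for s in selector_sets):
            missing.append(name)
    return missing
```

With the constructed samples, `conns_missing_psk(IPSEC_CONF, SECRETS_CARRIED)` returns an empty list, while the IP-only secrets file leaves `to-peer` without a usable PSK entry.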
