[strongSwan] Is IPv6 generic transport mode config based on subnet possible?

Keith Kaple kak at cisco.com
Mon Feb 25 16:59:06 CET 2013


Is it possible with strongswan to set up a generic conn entry for transport mode to any host in a particular subnet for IPv6?

Something like:

conn gtrans
        left=2001:420:27ff:fff7:250:566f:fe92:5f44
        leftcert=cert.pem
        leftfirewall=yes
        right=%any
        rightallowany=yes
        rightid=%any
        type=transport
        auto=route


Where right is any IP address in the 2001:420 subnet and left is traffic originating from a particular IP on the local host.

I've tried right=%any, rightsubnet=2001:420::0/96, etc. but the daemon log always has "installing trap failed, remote address unknown" and IKEv2 negotiation never occurs when I try pinging.


thanks,

Keith




