<div>Hi,</div>
<div> </div>
<div>I wanted to create an IPsec SA that would encrypt traffic from any destination ( rightsubnet=  any ). However, the following configuration is not accepted by strongswan:-</div>
<div> </div>
<div>conn IpSecSSEPlane<br>        ikelifetime=24h<br>        keyexchange=ikev2<br>        keyingtries=%forever<br>        keylife=90m<br>        reauth=no<br>        rekey=yes<br>        mobike=no<br>        rekeymargin=2m<br>
        ike=aes128-sha1-modp1024,3des-sha1-modp1024!<br>        esp=aes128-sha1-modp1024,3des-sha1-modp1024!<br>        authby=rsasig<br>        right=10.10.10.2<br>        left=20.20.20.21<br><strong>        leftsubnet=<a href="http://15.15.15.5/32">15.15.15.5/32</a></strong></div>

<div><strong>        rightsubnet=%any<br></strong>        leftprotoport=%any<br>        rightprotoport=%any<br>        leftcert=/home/vivek/vivek/latestdir1/BTScert.pem<br>        rightid=%any<br>        auto=add</div>
<div> </div>
<div>Not specifying the rightsubnet. replaces it with right/32.</div>
<div> </div>
<div>Can you let me know how can I specify a connection that would encrypt traffic from any destination ( right subnet)</div>
<div> </div>
<div>Thanks,</div>
<div>Vivek<br></div>