<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>nevermind, my fault. After adding more interfaces to the server
it's good idea to add their new addresses to conn.local_addrs :-)</p>
<p>Thanks.<br>
</p>
<div class="moz-cite-prefix">On 05.01.2021 23:18, Volodymyr Litovka
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:c9719276-34e5-04e3-a3c3-98f13f71b85e@gmx.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<p>Hello colleagues,</p>
<p>I added yet another connection (absolutely similar to others -
on both server and client side, except source WAN address) to
the config and this endpoint can not connect:<br>
</p>
<pre>charon-systemd[89567]: ike config match: 0 (x.x.x.x...%any IKEv2)
charon-systemd[89567]: ike config match: 0 (x.x.x.x...y.y.y.y IKEv2)
charon-systemd[89567]: ike config match: 0 (x.x.x.x...z.z.z.z IKEv2)
charon-systemd[89567]: ike config match: 0 (x.x.x.x...%any IKEv2)
charon-systemd[89567]: message repeated 6 times: [ ike config match: 0 (x.x.x.x...%any IKEv2)]
</pre>
<p>the only difference between this one and other (with same
config as I said above) is source address - this one which is
failing is the only one which connects from private networks,
other connections are from Internet.</p>
<p>Connectivity is ok, hosts can ping each other, so no issues on
network side. For some reasons, Strongswan can not find
connection's config.<br>
</p>
<p>Sorry for probably stupid question, but the quick question at
the moment is - can be there some restrictions in Strongswan
which prevent connections from RFC1918 networks and, if they
are, where are they?</p>
<p>Thank you.<br>
</p>
<pre class="moz-signature" cols="72">--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison</pre>
</body>
</html>