[strongSwan] strongSwan 5 IKEv1 tunnel (iOS or StrongSwan client)
Martin Willi
martin at strongswan.org
Wed Jul 25 13:12:01 CEST 2012
Hi Max,
> conn ios
> rightsubnet=10.0.0.0/24
> rightsourceip=10.100.255.0/28
> conn us-east-1-vpc
> leftsourceip=%config
You didn't specify a leftsubnet on the client (which is good). This
implies that the leftsubnet will be the address assigned using Mode
Config. This address will be allocated from the pool 10.100.255.0/28.
The Quick Mode that follows now uses the Mode Config address as "client
subnet", but your responder expects rightsubnet=10.0.0.0/24. Hence your
connection won't match.
If you remove the rightsubnet definition from your responder
configuration, the responder will use the allocated address, too, and
your tunnel should come up.
Regards
Martin
More information about the Users
mailing list