[strongSwan] Proxy ID handling
Martin Willi
martin at strongswan.org
Tue Jan 29 11:11:53 CET 2013
Hi Markus,
> the tunnel won't get up if I only do an "ipsec start" and try to ping a
> machine on the remote network. The Juniper device complains about wrong
> */32 ProxyIDs.
Are you using strongSwan 5.0.0? If yes, this is a known bug and has been
fixed [1] in 5.0.1. 5.0.0 included the traffic selector of the triggering
packet (as it is recommended in IKEv2), but this of course doesn't work
with IKEv1, where we can negotiate a single subnet only.
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=777bcdc0
More information about the Users
mailing list