[strongSwan] Question on rightsubnet

Guy Maman mamang at porticor.com
Mon Dec 29 14:08:49 CET 2014

Hi all,

What is the different between rightsubnet=%dynamic to omit the rightsubnet?

I have the same strongswan version on both client and server:
Linux strongSwan U5.1.2/K3.13.0-40-generic

I read that it's supposed to be the same behaviour:
/Instead of specifying a subnet, /%dynamic/ can be used to replace it 
with the IKE address, having the same effect
as omitting /left|rightsubnet/ completely/

But for some reason when I omit the "rightsubnet" from the client, child 
is created and connection is created.
When rightsubnet=%dynamic it's not working with the error:
/15[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built//
//15[IKE] failed to establish CHILD_SA, keeping IKE_SA/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141229/702a8c4c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3748 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141229/702a8c4c/attachment.bin>

More information about the Users mailing list