[strongSwan] not all subnets get a tunnel
Noel Kuntze
noel at familie-kuntze.de
Thu Sep 17 20:57:11 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Am 17.09.2015 um 19:29 schrieb Averlon GmbH (in Gründung):
> rightsubnet=192.168.110.0/24,192.168.109.0/24
Why do you expect this to work?
With IKEv1, you can only tunnel traffic between parts of subnets, not arbitrary groups.
For the latter, you need to use IKEv2.
To alleviate the problem, you need to configure a second configuration for the same peer, but with the other subnet pair.
- --
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJV+w0EAAoJEDg5KY9j7GZYPIAP/14jw0RWF10T4jDW1o0ONUso
doihuW8ZBJvb0ql9toUGOeDsyc2mn+HAa2yJxfAww/vXIVX9VlVxwjb1vZtBLQxW
+/SaQSjPuu8s9BPH5cZ+8J9FtJVqs4xO3KueUoiwBILDscOyYVHR4YOTI8snhyvA
+DDgc11V3GEqcT09b1Aj2+PQ7XtqOWnOc02O2MBFcytbUwP+J50UqsAn6P2RsGY8
rgCWSDGp7nMdmuKS2TEPJQER//6CWF567A+fLWo4mpJapy4nTI3E0wTmVTa9XRzx
MEx2j1SFM8+QK0kOcqKlEoQHH6u4VXonyzJMk2uUaSsMBU6cArOJTKT8LxEZ9LVW
QKIiIM0a21nZ6m02rpL/XJjlIXFn37oqf1P6zuOZZvpvrsIbmnviRVQfAYfp6aIA
8U2cgjry85zMC0PbNI/ZisxHPUBy61X8R1xLJUSk4D4tpCoa2pddzwvyi6gcUUPC
LGLXObKwC+KObTUO1K6KLqDzYvePoEmU6rLrF8vbaYn2G5gryz2X2cggwESwcJbQ
VKpnQcOgI9dOHcJ13HNn5g5oNsxnWSsBHrqCjERiQqvwTg6DdVIPH4SvH4DC9Wba
TqRg+clGa4iKZDEJSZGEe1eZdk3wd+mwcxedq4BXRh5Qtugy7P+OpZKj0azdEkz5
jVeI1/pElOAmm8196yBw
=mtvs
-----END PGP SIGNATURE-----
More information about the Users
mailing list