[strongSwan] Help needed with shunted connections - not working as expected
Noel Kuntze
noel at familie-kuntze.de
Tue Feb 16 18:53:11 CET 2016
On 16.02.2016 13:43, Mahendra SP wrote:
> conn allow-9100
> leftsubnet=192.168.1.6[6/%any]
> rightsubnet=192.168.1.8[6/9100]
> leftfirewall=yes
> type=allow
> auto=route
"allow" is not a valid setting for "type".
> conn drop-rest
> leftsubnet=192.168.1.6
> rightsubnet=192.168.1.8
> leftfirewall=yes
> type=passthrough
> auto=route
What's the purpose of that? It just tells XFRM to not do any processing on
packets that match those left- and rightsubnet settings.
When I look at all your settings, they seem to contradict each other.
Please do a minimal setup. I think the error is in your overlaping subnets
with all those different types.
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160216/c29055ae/attachment.pgp>
More information about the Users
mailing list