[strongSwan] Help needed with shunted connections - not working as expected

Noel Kuntze noel at familie-kuntze.de
Tue Feb 16 18:53:11 CET 2016

On 16.02.2016 13:43, Mahendra SP wrote:
> conn allow-9100
> 	leftsubnet=[6/%any]
> 	rightsubnet=[6/9100]
> 	leftfirewall=yes
> 	type=allow
>     auto=route
"allow" is not a valid setting for "type".

> conn drop-rest
> 	leftsubnet=
> 	rightsubnet=
> 	leftfirewall=yes
> 	type=passthrough
>     auto=route
What's the purpose of that? It just tells XFRM to not do any processing on
packets that match those left- and rightsubnet settings.

When I look at all your settings, they seem to contradict each other.
Please do a minimal setup. I think the error is in your overlaping subnets
with all those different types.


Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160216/c29055ae/attachment.pgp>

More information about the Users mailing list