Hi, > I'm looking to VPN every machine in a LAN. I infer that this would be > something like a host-to-host config. Did you have a look at the trap-any scenario? Regards, Tobias [1] https://www.strongswan.org/testing/testresults/ikev2/trap-any/