[strongSwan] failed to establish CHILD_SA -- but this used to work!
Tobias Brunner
tobias at strongswan.org
Thu May 9 17:43:33 CEST 2019
Hi Aram,
> If this is my problem, I don’t understand why the same configuration results in different behavior now.
It's most likely not the same.
As the log tells you, the traffic selectors don't match. The fix is
simple: configure either 0.0.0.0/0 or 192.168.3.0/24 as remote
traffic selector on your client (i.e. in rightsubnet) so it matches the
local traffic selector (i.e. leftsubnet) on the server (with 0.0.0.0/0
it gets narrowed to whatever the server has configured). If rightsubnet
is not set it, the remote traffic selector will default to the remote
address.
Regards,
Tobias
More information about the Users
mailing list