[strongSwan] Routing between two remote sites
VTwin Farriers
vtwin at cox.net
Tue Jan 25 03:13:02 CET 2022
If I try to add 10.128.0.0/16 to the configuration for East <=> Central, I get:
received TS_UNACCEPTABLE notify, no CHILD_SA built
failed to establish CHILD_SA, keeping IKE_SA
when I attempt to bring up the connection.
This seems to be related to the fact that there is no interface or route on Central which is on the 10.128.0.0 subnet; 10.128.0.0/16 traffic is passed to West via the West<=>Central IPsec link.
swanctl.conf:
connections {
    EastCentral {
        version=2
        local_addrs=a.b.c.d
        proposals=aes256-sha1-modp1024, default
        local-0 {
            auth = psk
        }
        remote-0 {
            auth = psk
        }
        remote_addrs=w.x.y.z
        children {
            EastCentral {
                esp_proposals=aes256-sha1, default
                dpd_action=restart
                local_ts=10.0.0.0/16
                remote_ts=10.64.0.0/16,10.128.0.0/16
            }
        }
    }
}
secrets {
    ike-w.x.y.za.b.c.d {
        secret = "SantizedForYourProtection"
        id-1=w.x.y.z
        id-0=a.b.c.d
    }
}