Hi Meenakshi,

> request_virtual_ip = yes
> ...
> initiator_ts = 10.10.3.1/24

If you use `request_virtual_ip = yes` you don't have to specify the initiator's traffic selector (`initiator_ts` is actually not a valid option, the initiator's local TS would be set in `initiator_tsi`). But to replace the default route and not only tunnel traffic to your responder (i.e. 10.101.248.152/32) you'll have to specify `initiator_tsr = 0.0.0.0/0`, otherwise the responder, even when configured with `leftsubnet = 0.0.0.0/0`, will narrow the remote TS to the single IP address proposed by the client.

> Also I see that my ipsec statusall shows everything to be /32 but i
> have configured on the server for it to be /24.

The option `rightsourceip=10.10.3.0/24` specifies an IP address pool for virtual IP addresses assigned to clients, not a traffic selector. In your case the address 10.10.3.1/32 is assigned to the client via configuration payloads.

Regards,
Tobias

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
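
Added example, not part of the reply above and not strongSwan code: a simplified Python model of the traffic-selector narrowing it describes, covering addresses only (no ports or protocols). It shows that a client proposing only the responder's /32 leaves all other traffic outside the tunnel even when the responder allows 0.0.0.0/0. The function names and the first-free-address pool allocation are assumptions of this example.

```python
import ipaddress

# Values taken from the thread above.
RESPONDER_LEFTSUBNET = ["0.0.0.0/0"]   # responder: leftsubnet = 0.0.0.0/0
RESPONDER_IP = "10.101.248.152/32"     # what the client proposes as TSr by default
POOL = "10.10.3.0/24"                  # responder: rightsourceip (address pool)


def narrow(proposed, configured):
    """Intersect the selectors a peer proposes with the local policy.

    Two CIDR blocks are either nested or disjoint, so the intersection of a
    pair is the smaller block, or nothing at all.
    """
    result = []
    for p in map(ipaddress.ip_network, proposed):
        for c in map(ipaddress.ip_network, configured):
            if p.subnet_of(c):
                result.append(str(p))
            elif c.subnet_of(p):
                result.append(str(c))
    return result


def virtual_ip(pool, in_use=()):
    """Hand out one host address from the pool (assumed: first free one).

    The pool is not a traffic selector; the client gets a single /32.
    """
    used = {ipaddress.ip_address(a) for a in in_use}
    for host in ipaddress.ip_network(pool).hosts():
        if host not in used:
            return f"{host}/32"
    raise RuntimeError("address pool exhausted")


def negotiate(initiator_tsr):
    """Return (TSi, TSr) as the responder would install them in this model."""
    tsi = [virtual_ip(POOL)]
    tsr = narrow(initiator_tsr, RESPONDER_LEFTSUBNET)
    return tsi, tsr


if __name__ == "__main__":
    print("default proposal:", negotiate([RESPONDER_IP]))
    print("initiator_tsr = 0.0.0.0/0:", negotiate(["0.0.0.0/0"]))
```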
