Right, but for this use case we didnt want the server to assign an IP to the client.
Thanks, *Brady Johnson* Principal Software Engineer Telco Verification Ecosystems Engineering brady.john...@redhat.com On Tue, Feb 27, 2024 at 4:40 PM Paul Wouters <p...@nohats.ca> wrote: > On Tue, 27 Feb 2024, Brady Johnson via Swan-dev wrote: > > > We tried several changes to the client nmstate configuration. Setting > "ipv4: dhcp: false" caused a configuration error in nmstate. > > We have created a bug for that and the nmstate team is working on it. > > Then, we tried with the same client nmstate configuration, but added > "leftmodecfgclient: false" and this allowed us to establish the > > tunnel. > > > > So, apparently, the "ipv4: dhcp: true" nmstate configuration causes the > client to request IP addresses and DNS. And setting > > "leftmodecfgclient: false" overrides that in the nmstate configuration. > > Note that for libreswan 5.0, the client should use something like: > > leftsubnet=0.0.0.0/0,::/0 > > And the server should use something like: > > rightaddresspool=100.64.13.0/24,2a03:6000:1005::/97 > > and it will hand out both v4 and v6 addresses on the same single IPsec > SA. > > Paul > >
_______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev