Hello, Using libreswan 3.12 with the native Android VPN client.
I am using the example in https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH When I try to narrow the leftsubnet I get cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===10.11.3.41 the peer proposed: 0.0.0.0/0:0/0 -> 10.231.247.1/32:0/0 is there a way to handle this situation? The Android VPN client has an Advanced option which allows me to configure split tunneling but I would prefer it to be handled by the server side. "The split tunneling directive will be sent automatically if the xauth server side has configured a network other than 0.0.0.0/0" conn xauth-rsa authby=rsasig pfs=no auto=add rekey=no left=10.11.3.41 leftcert=xxxx leftid=@xxxx leftsendcert=always leftsubnet=192.168.100.0/24 rightaddresspool=10.231.247.1-10.231.247.254 right=%any rightid=%fromcert rightrsasigkey=%cert modecfgdns1=192.168.100.15 leftxauthserver=yes rightxauthclient=yes leftmodecfgserver=yes rightmodecfgclient=yes modecfgpull=yes xauthby=alwaysok ike-frag=yes Anthony _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
