On Sun, 21 Feb 2016 20:13:38 -0500 Alex <[email protected]> wrote:
> Can I just leave out the subnet declarations where they're not
> necessary? Assuming 'arcade' (23.227.181.206) was the name of the
> roadwarrior host and its default route is 23.227.181.193:
>
> conn VPN-DGHQ-DGXO-2
>     auto=start
>     left=68.111.193.42
>     leftnexthop=68.111.193.41
>     leftsubnet=192.168.1.0/24
>     leftid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc,
> CN=orion.example.com"

Here you have a problem. When an ID starts with @, it's ID type FQDN. But
your id is really ID_DER_ASN1_DN type, certificate subject. Remove the
character "@".

>     leftcert=orion
>     right=23.227.181.206
>     rightnexthop=23.227.181.193
>     rightid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc,
> CN=cyclops.example.com"

Same here.

>     rightcert=arcade

-- 
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
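
An added example, not part of the original message and not libreswan code: a small Python check that flags `leftid`/`rightid` values where a leading `@` forces FQDN type onto what is really a certificate subject DN, the mismatch described in the reply above. The sample config is constructed from the quoted conn (with `rightid` already corrected), and the "value begins with `attr=`" DN heuristic is an assumption.

```python
import re

# Constructed sample based on the conn quoted above; rightid is already fixed.
SAMPLE_CONF = '''\
conn VPN-DGHQ-DGXO-2
    auto=start
    left=68.111.193.42
    leftid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=orion.example.com"
    leftcert=orion
    right=23.227.181.206
    rightid="C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=cyclops.example.com"
    rightcert=arcade
'''

# Heuristic (assumption): a DN starts with "attr=", e.g. "C=US"; hostnames and IPs do not.
RDN_START = re.compile(r'\s*[A-Za-z][A-Za-z0-9.]*\s*=')

def classify(value):
    """Return (id_type, mismatch) for one leftid/rightid value."""
    v = value.strip().strip('"')
    if v.startswith('@'):
        # "@" selects FQDN type; a DN behind it will not match the peer certificate subject.
        return 'ID_FQDN', bool(RDN_START.match(v[1:]))
    if RDN_START.match(v):
        return 'ID_DER_ASN1_DN', False
    return 'other', False  # IP address, hostname, %fromcert, ... (not analysed here)

def lint(conf_text):
    """Return [(conn, key, id_type)] for every ID whose '@' prefix hides a DN."""
    findings, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('conn '):
            conn = line.split(None, 1)[1]
            continue
        key, sep, value = line.partition('=')
        if sep and key.strip() in ('leftid', 'rightid'):
            id_type, mismatch = classify(value)
            if mismatch:
                findings.append((conn, key.strip(), id_type))
    return findings

if __name__ == '__main__':
    for conn, key, id_type in lint(SAMPLE_CONF):
        print(f'{conn}: {key} is typed {id_type} but looks like a DN; remove the "@"')
```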
