(Sorry for my bad English.)

Is it correct? (remote side):

---
conn mytunnel
    leftid=@off1.net.prn.int
    left=192.168.121.17
    leftsourceip=192.168.129.254
    leftsubnets={192.168.129.0/24 192.168.128.0/24} # <--- ? (subnets)
    leftrsasigkey=0sAQ1xad9N...
    #
    rightid=@main.prn.int
    right=192.168.121.1
    rightsourceip=192.168.1.60
    rightsubnet=0.0.0.0/0
    rightrsasigkey=0sAQMCfFm....
    #
    authby=rsasig
    auto=start

conn 129-exclude
    left=0.0.0.0 # <---- ? (left)
    leftsubnet=192.168.129.0/24
    right=192.168.129.254
    rightsubnet=192.168.129.0/24
    authby=never
    type=passthrough
    auto=route

conn 128-exclude
    left=192.168.128.250
    leftsubnet=192.168.128.0/24
    right=0.0.0.0 # <----- ? (right)
    rightsubnet=192.168.128.0/24
    authby=never
    type=passthrough
    auto=route
---

It does not really work on CentOS 6.8 + updates.

I see: https://libreswan.org/wiki/Subnet_extrusion

...
conn branch1 # <--- ? ( branch1 )
    left=1.2.3.4
    leftid=@headoffice
    leftsubnet=0.0.0.0/0
    leftrsasigkey=0sA[...]
    #
    right=10.11.12.13
    rightid=@branch2 # <---- ? ( branch2 )
    righsubnet=10.0.1.0/24
    rightrsasigkey=0sAYYYY[...]
    #
    auto=start
    authby=rsasigkey

conn passthrough
    left=1.2.3.4 # <--- ? ( from headoffice )
    right=0.0.0.0
    leftsubnet=10.0.1.0/24 # <--- ? ( from branch2 )
    rightsubnet=10.0.1.0/24
    authby=never
    type=passthrough
    auto=route
...

Strange :(

Thanks.

--
mx
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan