2016-07-25 10:58 GMT+03:00 Paul Wouters <[email protected]>: Do not use XXXsourceip= when using XXXsubnetS= because the sourceip can only > refer to one submit. > > Why are you not using 192.168.128/23 insteaf of 192.168.129.0/24 + > 192.168.128.0/24 ?
Ok. Thanks. > The passthrough goes on your branch office. In this case left= is the > branch and right is the world. So left should be a local ip on your > branch IPsec gateway. You could probably use left=%defaultroute. > left=%defaultroute ? my route table from office. ( no main ) --- Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.121.16 * 255.255.255.252 U 0 0 0 eth0.286 192.168.129.0 * 255.255.255.0 U 0 0 0 br129 192.168.128.0 * 255.255.255.0 U 0 0 0 br128 link-local * 255.255.0.0 U 1004 0 0 br128 link-local * 255.255.0.0 U 1006 0 0 br129 link-local * 255.255.0.0 U 1007 0 0 eth0.286 default 192.168.121.18 0.0.0.0 UG 0 0 0 eth0.286 --- Thanks. P.S. Sorry my, i send wrong table route in private mail. -- mx
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
