You changed one end to use /23 but the other end still uses two /24s, so negotiation will fail.
Sent from my iPhone

> On Jul 27, 2016, at 06:57, Sergey Mihailov <[email protected]> wrote:
>
> config-1:
> ------------
> conn mytunnel
>     [email protected]
>     left=192.168.121.17
>     leftsourceip=192.168.129.254
>     leftsubnet=192.168.128.0/23
>     leftrsasigkey=0sAQ1xad9N4...
>     #
>     [email protected]
>     right=192.168.121.1
>     rightsourceip=192.168.1.60
>     rightsubnet=0.0.0.0/0
>     rightrsasigkey=0sAQMCfFm...
>     #
>     authby=rsasig
>     auto=start
>
> conn 129-exclude
>     left=192.168.129.254
>     leftsubnet=192.168.129.0/24
>     right=0.0.0.0
>     rightsubnet=192.168.129.0/24
>     authby=never
>     type=passthrough
>     auto=route
>
> conn 128-exclude
>     left=192.168.128.250
>     leftsubnet=192.168.128.0/24
>     right=0.0.0.0
>     rightsubnet=192.168.128.0/24
>     authby=never
>     type=passthrough
>     auto=route
>
> config-2:
> ------------
> conn mytunnel
>     [email protected]
>     left=192.168.121.17
>     leftsourceip=192.168.129.254
>     leftsubnets={192.168.129.0/24 192.168.128.0/24}
>     leftrsasigkey=0sAQ1xad9N4...
>     #
>     [email protected]
>     right=192.168.121.1
>     rightsourceip=192.168.1.60
>     rightsubnet=192.168.1.0/24
>     rightrsasigkey=0sAQMCfFm...
>     #
>     authby=rsasig
>     auto=start
>
> config1 - does not work.
> config2 - works.
>
> Thanks.
>
> 2016-07-26 11:44 GMT+03:00 Paul Wouters <[email protected]>:
>
>> The config on the libreswan wiki page is correct, so you must
>> have misunderstood it? You can try sharing the full config
>> again from one of the branch offices, so we can have a look.
>>
>> Paul
>
> --
> mx
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
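Added example, not part of the original thread or of libreswan: a small Python check that expands each end's leftsubnet/leftsubnets and rightsubnet into the selector pairs it would propose and reports the pairs only one end has. It assumes both ends keep the same left/right orientation, that selectors must match exactly (no narrowing), and that the unchanged end still runs the config-2 subnets; the helper names are hypothetical.

```python
import ipaddress
import re

# Constructed samples: subnet lines from config-1 and config-2 in the thread,
# with config-2 assumed to be what the unchanged end still runs.
END_A = """conn mytunnel
    leftsubnet=192.168.128.0/23
    rightsubnet=0.0.0.0/0
"""
END_B = """conn mytunnel
    leftsubnets={192.168.129.0/24 192.168.128.0/24}
    rightsubnet=192.168.1.0/24
"""

def parse_conn(text):
    """Return {key: value} for the key=value lines of one conn section."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and indentation
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def side_nets(opts, side):
    """Networks of 'left' or 'right': the subnets={...} list, else subnet=."""
    if side + "subnets" in opts:
        items = re.split(r"[\s,]+", opts[side + "subnets"].strip("{} "))
    else:
        items = [opts[side + "subnet"]]
    return [ipaddress.ip_network(i) for i in items if i]

def selectors(opts):
    """Every (left, right) pair the conn expands to, one per IPsec SA."""
    return {(l, r) for l in side_nets(opts, "left")
            for r in side_nets(opts, "right")}

def compare(end_a, end_b):
    """Selector pairs only one end has; two empty sets mean the ends agree."""
    a, b = selectors(parse_conn(end_a)), selectors(parse_conn(end_b))
    return a - b, b - a

def same_addresses(a, b):
    """True when both network lists cover the same addresses once collapsed."""
    return list(ipaddress.collapse_addresses(a)) == list(ipaddress.collapse_addresses(b))

if __name__ == "__main__":
    only_a, only_b = compare(END_A, END_B)
    print("only on end A:", only_a, "only on end B:", only_b)
```

The /23 and the two /24s cover the same addresses (same_addresses returns True for the left side), yet no selector pair is common to both ends, which is the mismatch described in the reply.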
