On Mon, 19 Sep 2016 21:50:55 +1000 Reuben Farrelly <[email protected]> wrote:
> Hi,
>
> I've been experimenting today with Vti based configuration and run
> into a few problems.
>
> The libreswan config looks like this:
>
> conn router-2.reub.net
>         left=139.162.51.249
>         [email protected]
>         leftsubnet=0.0.0.0/0
>         leftsourceip=192.168.6.1
          ^^^^^^^^^^^^^^^^^^^^^^^^

Here is your config error. That always causes routing. So vti-routing=no
below is ignored because sourceip functionality doesn't work at all
without routing which forces routing.

>         right=%any
>         [email protected]
>         rightsubnet=0.0.0.0/0
>         authby=secret
>         ikev2=insist
>         ikelifetime=86400s
>         salifetime=3600s
>         ike=aes256-sha1;modp1536
>         phase2alg=aes128-sha1;modp1536
>         mtu=1438
>         dpddelay=15
>         dpdtimeout=45
>         dpdaction=clear
>         auto=add
>         mark=12/0xffffff
>         vti-interface=vti01
>         vti-routing=no
>         vti-shared=yes

So vti-routing=no doesn't disable routing because setting leftsourceip
already forced routing.

-- 
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
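The interaction described in the reply above, turned into a pre-deployment check (an added example, not part of the original thread and not libreswan's own code): it parses ipsec.conf-style text and reports every conn where vti-routing=no is set alongside a sourceip option. The function names, the sample config with placeholder addresses, and the assumption that rightsourceip behaves like leftsourceip are not from the thread.

```python
# Constructed sample config; names and peer addresses are placeholders.
SAMPLE_CONF = """\
conn router-2.example
    left=192.0.2.1
    leftsubnet=0.0.0.0/0
    leftsourceip=192.168.6.1
    right=%any
    rightsubnet=0.0.0.0/0
    mark=12/0xffffff
    vti-interface=vti01
    vti-routing=no
    vti-shared=yes

conn clean-vti
    left=192.0.2.1
    right=%any
    vti-interface=vti02
    vti-routing=no
"""

# The reply names leftsourceip; treating rightsourceip the same way is an assumption.
SOURCEIP_KEYS = ("leftsourceip", "rightsourceip")


def parse_conns(text):
    """Return {conn_name: {option: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not raw[0].isspace():  # section header starts at column 0
            parts = stripped.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in stripped:
            key, value = stripped.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def find_overridden_vti_routing(text):
    """List (conn, [sourceip options]) where vti-routing=no will not take effect."""
    findings = []
    for name, opts in parse_conns(text).items():
        forcing = [k for k in SOURCEIP_KEYS if k in opts]
        if opts.get("vti-routing", "").lower() == "no" and forcing:
            findings.append((name, forcing))
    return findings
```

The check does not follow `also=` includes or `conn %default` inheritance, so options pulled in that way need to be reviewed separately.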
