Thanks for the reply. I'm going to try the rekey. I didn't want to confuse things, but I'm actually using a NAT with this tunnel (as well as several others on this machine). So left= is a different value (my machine's real IP) than leftsubnet= and leftsourceip=, which are the NAT address. So I think I need to set both of those. I have always used 255.255.255.255 in the subnet settings to restrict to the single IP, is this not advisable? I only want access to the machine I'm starting the tunnel on, not the whole subnet.
Thanks, Bananas
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
