On Fri, 20 Apr 2018, Adam Tauno Williams wrote:
I have been able to peer the Cisco router and the Libreswan host in a
straight-up association but when I attempt to change this over to a
vrf-VTI configuration I am getting stuck.
(identity) local= X.Y.W.X, remote= A.B.C.D,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
-- Libreswan
conn mhhs-vti
    mark=10/0xffffff
    ikelifetime=1440m
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    left=A.B.C.D #strongswan outside address
    leftid=A.B.C.D #IKEID sent by strongswan
    right=X.Y.W.Z #IOS outside address
    rightid=X.Y.W.Z #IKEID sent by IOS
I think you want to add:
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
Paul
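
Added example (not part of the original thread, and not Libreswan's own code): a small check that compares the traffic selectors a conn would propose against the proxy identities in the IOS debug line. It assumes, per ipsec.conf(5), that an omitted leftsubnet/rightsubnet defaults to that end's own address as a /32; the addresses are constructed documentation values standing in for the redacted ones, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the thread's conn, with documentation addresses
# substituted for the redacted A.B.C.D (left) and X.Y.W.Z (right).
SAMPLE_CONN = """\
conn mhhs-vti
    mark=10/0xffffff
    authby=secret
    left=192.0.2.1
    right=198.51.100.1
"""

# Constructed sample in the format of the IOS debug line quoted in the thread.
SAMPLE_IOS = ("local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4), "
              "remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)")

def parse_conn(text):
    """Return the key=value options of a single conn section, comments stripped."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line and not line.startswith("conn "):
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def libreswan_selectors(opts):
    """Effective (left, right) networks; assumes an omitted subnet means host/32."""
    def side(name):
        subnet = opts.get(name + "subnet") or opts[name] + "/32"
        return ipaddress.ip_network(subnet, strict=False)
    return side("left"), side("right")

def ios_selectors(line):
    """Parse the addr/mask part of local_proxy/remote_proxy as (local, remote)."""
    found = dict(re.findall(r"(local|remote)_proxy= ([\d.]+/[\d.]+)/", line))
    return tuple(ipaddress.ip_network(found[k]) for k in ("local", "remote"))

def selectors_match(conn_text, ios_line):
    """True when left/right selectors mirror the IOS remote/local proxies."""
    left, right = libreswan_selectors(parse_conn(conn_text))
    ios_local, ios_remote = ios_selectors(ios_line)
    return (left, right) == (ios_remote, ios_local)

if __name__ == "__main__":
    fixed = SAMPLE_CONN + "    leftsubnet=0.0.0.0/0\n    rightsubnet=0.0.0.0/0\n"
    print("as posted:", selectors_match(SAMPLE_CONN, SAMPLE_IOS))
    print("with subnets added:", selectors_match(fixed, SAMPLE_IOS))
```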