On Tue, 24 Apr 2018, Ivan Kuznetsov wrote:
conn aCustomer
    connaddrfamily=ipv4
    type=tunnel
    auto=start
    authby=secret
    left=A.B.C.D
    leftsubnets=30.191.90.169/32,30.191.90.170/32
    right=E.F.G.H
    rightsubnets=30.201.192.24/32,30.201.192.34/32
    ikev2=no

I need to add some customer addresses 30.201.x.y to the tunnel. The customer's IT service asks me to add the whole network 30.201.0.0/16 to rightsubnet, but for some reason does not remove the subset addresses:

    rightsubnets=30.201.192.24/32,30.201.192.34/32,30.201.0.0/16

Will this configuration work properly for the "old" addresses 30.201.192.24 and .34? What is the policy for choosing one of the overlapping traffic selectors: by longest prefix or in some other way?

It should work. The linux kernel uses priority numbers only, but libreswan does a translation that maps longest prefix to a priority number.

Paul

Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan
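
Added example, not part of the original thread and not libreswan code: a small model of how overlapping selectors from the connection above resolve when longer prefixes are mapped to a lower (winning) kernel priority number. The `priority()` formula and the function names are assumptions made for illustration, not libreswan's actual calculation.

```python
import ipaddress
from itertools import product

# Values taken from the connection quoted in the thread.
LEFTSUBNETS = ["30.191.90.169/32", "30.191.90.170/32"]
RIGHTSUBNETS = ["30.201.192.24/32", "30.201.192.34/32", "30.201.0.0/16"]


def priority(src, dst):
    """Illustrative mapping (assumption, not libreswan's real formula):
    a longer prefix gives a smaller number, and the smaller number wins."""
    return ((32 - src.prefixlen) << 8) | (32 - dst.prefixlen)


def build_policies(lefts, rights):
    """One outbound policy per left/right subnet pair, best priority first."""
    policies = []
    for left, right in product(lefts, rights):
        src = ipaddress.ip_network(left)
        dst = ipaddress.ip_network(right)
        policies.append((priority(src, dst), src, dst))
    return sorted(policies, key=lambda p: p[0])


def select(policies, src_ip, dst_ip):
    """Return the first (lowest-numbered) policy matching the packet, or None."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for prio, src, dst in policies:
        if s in src and d in dst:
            return prio, str(src), str(dst)
    return None  # no selector covers this traffic, so it is not tunnelled


if __name__ == "__main__":
    pols = build_policies(LEFTSUBNETS, RIGHTSUBNETS)
    # Constructed sample destinations: two "old" hosts, one new host in
    # the /16, and one address outside every selector.
    for dst in ("30.201.192.24", "30.201.192.34", "30.201.7.9", "30.202.0.1"):
        print(dst, "->", select(pols, "30.191.90.169", dst))
```

On a running gateway the installed selectors and their priority values can be compared against this model with `ip xfrm policy`.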
