Paul, thank you a lot!
Ivan
On 24.04.2018 17:36, Paul Wouters wrote:
On Tue, 24 Apr 2018, Ivan Kuznetsov wrote:
conn aCustomer
    connaddrfamily=ipv4
    type=tunnel
    auto=start
    authby=secret
    left=A.B.C.D
    leftsubnets=30.191.90.169/32,30.191.90.170/32
    right=E.F.G.H
    rightsubnets=30.201.192.24/32,30.201.192.34/32
    ikev2=no
I need to add some customer addresses 30.201.x.y to the tunnel. The customer's
IT service asks me to add the whole network 30.201.0.0/16 to
rightsubnet, but for some reason does not remove the subset addresses:
    rightsubnets=30.201.192.24/32,30.201.192.34/32,30.201.0.0/16
Will this configuration work properly for the "old" addresses
30.201.192.24 and .34? What is the policy for choosing one of the overlapping
traffic selectors - by longest prefix or in some other way?
It should work.
The Linux kernel uses priority numbers only, but libreswan does a
translation that maps longest prefix to a priority number.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
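
The selection described in the thread, as an added example that is not part of the original messages and is not libreswan code: it expands the leftsubnets/rightsubnets combinations from the conn above and picks the selector pair for a packet by longest prefix. The priority formula is a hypothetical stand-in (lower number preferred is assumed); libreswan's real mapping is not shown on this page.

```python
import ipaddress
from itertools import product

# Subnet lists taken from the thread, with the /16 added next to the /32s.
LEFTSUBNETS = ["30.191.90.169/32", "30.191.90.170/32"]
RIGHTSUBNETS = ["30.201.192.24/32", "30.201.192.34/32", "30.201.0.0/16"]


def expand_selectors(left, right):
    """Each left/right combination becomes its own selector pair."""
    return [(ipaddress.ip_network(l), ipaddress.ip_network(r))
            for l, r in product(left, right)]


def illustrative_priority(src_net, dst_net):
    """Hypothetical mapping (an assumption, not libreswan's formula).

    Longer prefixes give a smaller number, so a more specific
    selector sorts ahead of a wider one that also matches.
    """
    return 64 - src_net.prefixlen - dst_net.prefixlen


def select(selectors, src, dst):
    """Return (src_net, dst_net, priority) of the preferred match, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches = [(illustrative_priority(s, d), s, d)
               for s, d in selectors if src in s and dst in d]
    if not matches:
        return None  # no selector covers this packet: it is not tunnelled
    prio, s, d = min(matches, key=lambda m: m[0])
    return str(s), str(d), prio


if __name__ == "__main__":
    sels = expand_selectors(LEFTSUBNETS, RIGHTSUBNETS)
    # Constructed sample destinations: an "old" /32, a new /16-only host,
    # and an address outside every selector.
    for dst in ("30.201.192.24", "30.201.7.9", "30.202.0.1"):
        print(dst, "->", select(sels, "30.191.90.169", dst))
```

The "old" addresses stay on their own /32 selectors, while other 30.201.x.y hosts fall through to the /16.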