Hi, Thanks so much for sticking with me here.

> > This is my config now:
> > conn host-to-host
> >     left=orion.guardiandigital.com
> >     leftid=@orion
> >     leftsubnet=192.168.1.0/24
> >     leftrsasigkey=0sAwEAAczgDWWfK4A83Q1e/fTYS2C...
> >     right=%any
> >     rightsubnet=192.168.11.0/24
> >     rightrsasigkey=0sAwEAAZRIg5GeGCHBqp561KQrfoiQnwsh...
> >     rightid=@wyckoff
> >     auto=add
> >     rekey=no
>
> I assume that orion is the side on fixed ip/dns name, and that wyckoff
> is the end with a dynamic IP and behind NAT. In that case, on orion
> you can use this config. On wyckoff you will need to change "right=%any"
> to "right=%defaultroute". All other options can be the same, and you do
> not need to change left/right or anything.

I'm continuing to work through your email, but I've noticed now a few times you've referred to the server having a dynamic IP and behind NAT, but I never said anything about it being behind NAT.

It's an Optonline dynamic IP, currently 68.192.251.223. There is a 192.168.11.0/24 network on the internal interface that the laptops/desktops/phones use (or will use) through NAT on the server to get to the Internet.

It is correct that orion is on the side of the fixed IP. That is the local side. Does this change the setup?

You had also mentioned something about only devices behind NAT could initiate, but those devices aren't the ones running the VPN client.
