On Fri, 3 May 2019, Viktor Keremedchiev wrote:
Subject: [Swan] rightusbnets and leftsubnets - only a single network works
I have tunnel between libreswan and Palo Alto. I have defined 2 leftsubets but
only one is created. I don’t have access to the Palo Alto device
leftsubnets={ 10.64.30.5/32 }
rightsubnets={ 10.128.0.0/9 10.65.0.0/16 }
Tunnel is established
one of the two
ip xfrm policy
src 10.64.30.5/32 dst 10.128.0.0/9
dir out priority 1040374 ptype main
tmpl src 162…... dst 4.79.1.105
proto esp reqid 16389 mode tunnel
src 10.128.0.0/9 dst 10.64.30.5/32
dir fwd priority 1040374 ptype main
tmpl src 4…….. dst 162………...
proto esp reqid 16389 mode tunnel
src 10.128.0.0/9 dst 10.64.30.5/32
dir in priority 1040374 ptype main
tmpl src 4……... dst 162………...
proto esp reqid 16389 mode tunnel
What might be causing that 10.128.0.0/9 is established but not 10.65.0.0/16?
Most likely the other end did not like your request for the second
tunnel. Check the libreswan logs and if you can the remote device
logs.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
