On Wed, 5 Jun 2019, optimas primat wrote:

> I am trying to create site-to-site IPsec VPN with two subnets on each
> site using libreswan on linux gateways.
>
> conn siteA_ipsec
>        left=172.16.99.11
>        leftsourceip=172.16.99.11
>        right=%any
>        leftsubnets={172.16.55.0/24,172.16.56.0/24}
>        rightsubnets={172.16.66.0/24,172.16.67.0/24}
>        auto=add
>
> conn siteB_ipsec
>        left=172.16.88.88
>        leftsourceip=172.16.88.88
>        right=172.16.99.11
>        leftsubnets={172.16.66.0/24,172.16.67.0/24}
>        rightsubnets={172.16.55.0/24,172.16.56.0/24}
>        auto=start

You should not use leftsourceip= when using multiple leftsubnets.

> I get TS_UNACCEPTABLE error in pluto logs and tunnel gets established
> for only one subnet pair. When I change right=%any to
> right=172.16.88.88 in Site A's config, tunnel gets established
> successfully for all subnet pairs. As per requirement, I don't want to
> specify Site B's IP address at Site A, as it will be dynamic. Hence I
> used right=%any initially. But same config works with IKEv1.

Can you try without the sourceip= lines? If you still see an issue can
you then show some logs about what/why it is failing?

Paul
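
The advice in this reply can be checked mechanically before reloading the connections. The following Python lint is an added example, not part of the thread or of libreswan: it flags a sourceip= option set next to a multi-entry subnets= list and confirms that the two ends request the same mirrored subnet pairs. The helper names (`parse_conns`, `subnets`, `pairs`, `lint`) are hypothetical, and the parser assumes only the simple key=value layout quoted above.

```python
import ipaddress
from itertools import product
# Constructed sample: the two conn sections quoted in the thread (auto= omitted).
SAMPLE = """\
conn siteA_ipsec
       left=172.16.99.11
       leftsourceip=172.16.99.11
       right=%any
       leftsubnets={172.16.55.0/24,172.16.56.0/24}
       rightsubnets={172.16.66.0/24,172.16.67.0/24}
conn siteB_ipsec
       left=172.16.88.88
       leftsourceip=172.16.88.88
       right=172.16.99.11
       leftsubnets={172.16.66.0/24,172.16.67.0/24}
       rightsubnets={172.16.55.0/24,172.16.56.0/24}
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split(None, 1)[1], {})
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return conns

def subnets(conn, side):
    """Networks listed in <side>subnets={a,b}; empty list if the key is absent."""
    value = conn.get(side + "subnets", "").strip("{}")
    return [ipaddress.ip_network(s) for s in value.replace(",", " ").split()]

def pairs(conn):
    """Every left x right subnet pair the conn asks for."""
    return set(product(subnets(conn, "left"), subnets(conn, "right")))

def lint(conns, a, b):
    """Findings for conns a and b, meant to be the two ends of one tunnel."""
    findings = []
    for name in (a, b):
        for side in ("left", "right"):
            if side + "sourceip" in conns[name] and len(subnets(conns[name], side)) > 1:
                findings.append(f"{name}: {side}sourceip= with multiple {side}subnets")
    if pairs(conns[a]) != {(r, l) for l, r in pairs(conns[b])}:
        findings.append(f"{a}/{b}: subnet pairs are not mirrored")
    return findings
```

Calling `lint(parse_conns(SAMPLE), "siteA_ipsec", "siteB_ipsec")` reports both leftsourceip= lines and no mirroring problem, so the quoted configs agree on the four subnet pairs.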