On Fri, 1 Oct 2021, owen s wrote:
conn mainconnection
auto=start
authby=secret
ike=aes256-sha256;dh14
esp=aes256-sha256
ikelifetime=86400s
salifetime=3600s
pfs=no
compress=no
ikev2=no
aggressive=no
left=[my nat ip address]
leftsubnet=10.1.0.0/20
leftid=[my local machine's public ip address[
right=[remote ip address]
rightsubnet=10.120.7.0/26
The above connection works and I can connect to the remote subnet.I need to
create a few more routes for a loopback and two interfaces.
I have a tunnel source which are all a part of the right subnet [10.120.7.0/26]
ip address range.
The question here is not clear, so it is not possible to give you much
advise. To add subnets, you can use leftsubnets="a.b.c.0/24,d.e.f.g.0/24"
(note the plural subnetS)
You cannot just "route" whatever into and interface and hope IPsec
works. IPsec needs proper policies installed before you can do things
like routing into an ipsecX or vtiX device.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
