On Thu, 14 Oct 2021, Kontakt wrote:
> conn xxx
>     authby = secret
>     auto = ignore
>     ikelifetime = 86400s
>     salifetime = 3600s
>     left = our public IP (ex. 8.8.8.8)
>     leftsubnet = our public IP (ex. 8.8.8.8)
>     right = client public IP (ex. 15.15.15.15)
>     rightsubnet = client another public ip (ex. 15.15.15.30)
>     ike = aes256-sha1; dh5
>     phase2alg = aes256-sha1; dh5
>     pfs = yes
>     ikev2 = never

Pasting that into a conf file gave me a number of weird errors. It seems
your whitespace is not truly spaces or tabs?

Your subnets need to be CIDR, e.g. 8.8.8.8/32 and not just an IP.

Don't use spaces in the crypto strings, e.g. "aes256-sha1;dh5" and not
"aes256-sha1; dh5".

This works for me:

conn xxx
    authby = secret
    auto = ignore
    ikelifetime = 86400s
    salifetime = 3600s
    left = 8.8.8.8
    leftsubnet = 8.8.8.8/32
    right = 15.15.15.15/32
    rightsubnet = 15.15.15.30/32
    ike = aes256-sha1;dh5
    phase2alg = aes256-sha1;dh5
    pfs = yes
    ikev2 = never

Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan
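
The three problems named in the reply above (whitespace that is not a plain space or tab, a subnet given as a bare IP, and spaces inside the ike/phase2alg strings) can be checked before a conn section is loaded. The following is an added example, not code from the thread or from libreswan; it covers only those three points, the function name lint_conn is hypothetical, and the sample config uses constructed documentation addresses.

```python
import ipaddress
import re

SUBNET_KEYS = {"leftsubnet", "rightsubnet"}
CRYPTO_KEYS = {"ike", "phase2alg"}
# Whitespace other than ASCII space/tab (e.g. U+00A0 pasted from a web page or mail client).
ODD_WS = re.compile(r"[^\S \t]")


def lint_conn(text):
    """Return (line number, message) findings for the three problems named in the reply."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        if ODD_WS.search(raw):
            findings.append((n, "whitespace that is not a plain space or tab"))
        # Normalise the odd whitespace so the remaining checks still see key = value.
        line = ODD_WS.sub(" ", raw).strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in SUBNET_KEYS:
            try:
                if "/" not in value:  # a bare IP would otherwise parse as a /32
                    raise ValueError
                ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append((n, f"{key} is not CIDR: {value!r}"))
        elif key in CRYPTO_KEYS and re.search(r"\s", value):
            findings.append((n, f"{key} contains whitespace: {value!r}"))
    return findings


# Constructed sample: NBSP indentation, a bare-IP subnet, a spaced crypto string.
SAMPLE = (
    "conn example\n"
    "\u00a0\u00a0\u00a0\u00a0left = 192.0.2.1\n"
    "    leftsubnet = 192.0.2.1\n"
    "    rightsubnet = 198.51.100.30/32\n"
    "    ike = aes256-sha1; dh5\n"
    "    phase2alg = aes256-sha1;dh5\n"
)

if __name__ == "__main__":
    for lineno, message in lint_conn(SAMPLE):
        print(f"line {lineno}: {message}")
```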