On Tue, 14 Feb 2023, Brady Johnson wrote:
Why do the policies get created differently?
I think a configuration issue.
Server config with address pool:
-------------------------------------------
conn vpnserver.dl110-05.xyz.com
    # right is remote(client), left is local(server)
    left=192.168.43.55
    leftid="O=XYZ,CN=vpnserver.dl110-05.xyz.com"
    leftsubnet=172.16.2.55/24
    leftrsasigkey=%cert
    leftcert=vpnserver.dl110-05.xyz.com
    leftsendcert=always
    # Clients
    right=%any
    rightrsasigkey=%cert
    rightid=%fromcert
    rightca=%same
    rightsubnet=0.0.0.0/0
    rightaddresspool="172.16.111.10-172.16.111.99"
Here rightsubnet should not be used because rightaddresspool is in use. The right (client) subnet is supposed to be the 1 IP address. It probably ignored rightsubnet= for you.
Server config with static client IP:
--------------------------------------------
conn vpnserver.dl110-05.xyz.com
    left=192.168.43.55
    leftid="O=XYZ,CN=vpnserver.dl110-05.xyz.com"
    leftsubnet=172.16.2.55/24
    leftrsasigkey=%cert
    leftcert=vpnserver.dl110-05.xyz.com
    leftsendcert=always
    # Clients
    right=%any
    rightrsasigkey=%cert
    rightid=%fromcert
    rightca=%same
    rightsubnet=0.0.0.0/0
Now 0.0.0.0/0 lives on the client, not the server. So likely your server is losing internet connectivity. You would want to use rightsubnet=172.16.111.10/32

Paul
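
Added example, not part of the original message and not libreswan code: a small Python check that encodes the two points made in the reply above (a subnet set alongside an address pool, and 0.0.0.0/0 assigned to a %any peer) so they can be caught before a config is loaded. The conn names and sample text are constructed, and checking the left side as well as the right is a generalization beyond the thread.

```python
import re

# Constructed sample: the two server configs from the thread, trimmed to the
# relevant keys; the conn names are hypothetical.
SAMPLE = """\
conn pool-server
    left=192.168.43.55
    leftsubnet=172.16.2.55/24
    # Clients
    right=%any
    rightsubnet=0.0.0.0/0
    rightaddresspool="172.16.111.10-172.16.111.99"

conn static-server
    left=192.168.43.55
    leftsubnet=172.16.2.55/24
    right=%any
    rightsubnet=0.0.0.0/0
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and whole-line comments
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def lint(text):
    """Return (conn, message) findings for the two mistakes from the thread."""
    findings = []
    for name, opts in parse_conns(text).items():
        for side in ("left", "right"):
            subnet = opts.get(side + "subnet")
            pool = opts.get(side + "addresspool")
            if subnet and pool:
                findings.append((name, f"{side}subnet set together with {side}addresspool"))
            elif opts.get(side) == "%any" and subnet == "0.0.0.0/0":
                findings.append((name, f"{side}subnet=0.0.0.0/0 on a {side}=%any peer"))
    return findings

if __name__ == "__main__":
    for name, msg in lint(SAMPLE):
        print(f"{name}: {msg}")
```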
