On Wed, 21 Feb 2024, Phil Nightowl wrote:
Server conf:conn remotesite left=%defaultroute leftcert=server leftsubnet=192.168.1.253/32 right=%any rightaddresspool=192.0.2.0/24 auto=add ikev2=yes authby=rsasig leftid=%fromcert rightid=%fromcert leftrsasigkey=%cert rightrsasigkey=%cert pfs=yes aggressive=no salifetime=1h negotiationshunt=hold failureshunt=drop rekey=no
add narrowing=yes on the serer as well. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
