On Wed, 21 Feb 2024, Phil Nightowl wrote:
Server conf:
conn remotesite
left=%defaultroute
leftcert=server
leftsubnet=192.168.1.253/32
right=%any
rightaddresspool=192.0.2.0/24
auto=add
ikev2=yes
authby=rsasig
leftid=%fromcert
rightid=%fromcert
leftrsasigkey=%cert
rightrsasigkey=%cert
pfs=yes
aggressive=no
salifetime=1h
negotiationshunt=hold
failureshunt=drop
rekey=no
add narrowing=yes on the serer as well.
Paul
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan