On Tue, 7 May 2024, Phil Nightowl wrote:
> > If NATing, disable it for the IPsec IP ranges?
>
> Unfortunately, this is not feasible due to ISP limitations. On the roadwarrior end, it is not possible at all. On the server end, I theoretically might try, but the odds are rather against me, I am afraid.

Then be sure to have a leftsubnet= on your client or else it will try to use the pre-NAT IP and your remote peer would likely not accept that. If your public IP is sort of static, you could add leftsubnet=elasticip/32 but then you also need to configure that IP on loopback so the kernel can use it as source address.
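
The suggestion in the reply above, written out as a libreswan connection. This is an added example, not configuration posted in the thread; the connection name, the IDs, the remote subnet and all addresses (taken from documentation ranges) are assumptions.

```conf
# Constructed example for the NATed client end; every name and address
# below is a placeholder, not a value from the thread.
conn natted-client
    # Local end: the host's real address is the private, pre-NAT one.
    left=%defaultroute
    leftid=@client.example.net
    # Offer the (mostly static) public IP as the local traffic selector,
    # so the peer is not asked to accept the pre-NAT address.
    leftsubnet=198.51.100.10/32
    # Remote end (assumed values).
    right=203.0.113.1
    rightid=@server.example.net
    rightsubnet=10.0.0.0/24
    authby=secret
    auto=add

# The public IP must also exist locally so the kernel can use it as a
# source address, for example on loopback (as root; not persistent
# across reboots):
#   ip addr add 198.51.100.10/32 dev lo
```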
