> Then be sure to have a leftsubnet= on your client or else it will try to
> use the pre-NAT IP and your remote peer would likely not accept that.
There already is a

    leftsubnet=0.0.0.0/0
    rightsubnet=srv.ii.nn.tt/32

in the roadwarrior's config. The config file of the server contains

    leftsubnet=srv.ii.nn.tt/32
    rightaddresspool==192.0.2.0/24
    narrowing=yes

> If your public ip is sort of static, you could add
> leftsubnet=elasticip/32 but then you also need to configure that IP on
> loopback so the kernel can use it as source address.
I am definitely not able to get a static IP for the roadwarrior. The server
does have a static public IP.
So as not to get lost: we're still basically trying to get libreswan to
install an xfrm policy with the right source IP (i.e. rw.ii.nn.tt) for the
out direction, so that the policy triggers on the outgoing packets and
sends them through the established tunnel, right?
Phil