On Thu, 9 May 2024, Phil Nightowl wrote:
>> Then be sure to have a leftsubnet= on your client or else it will try to
>> use the pre-NAT IP and your remote peer would likely not accept that.
>
> There already is a
>
>     leftsubnet=0.0.0.0/0
>     rightsubnet=srv.ii.nn.tt/32
>
> in the roadwarrior's config. The config file of the server contains
>
>     leftsubnet=srv.ii.nn.tt/32
>     rightaddresspool==192.0.2.0/24
>     narrowing=yes

Oh ok, if assigning an IP to a roadwarrior, that is fine. But you will need to ensure you are NATing traffic on the server from 192.0.2.0/24 to !192.0.2.0/24.

> As not to get lost: we're still basically trying to get libreswan to install
> a xfrm policy with the right source IP (i.e. rw.ii.nn.tt) for the out
> direction, so that the policy triggers on the outgoing packets and sends them
> through the established tunnel, right?

You should have a tunnel policy from 192.0.2.x/32 to srv.ii.nn.tt/32

Paul
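Added example, not part of the original thread: one way to check `ip xfrm policy` output on the roadwarrior for the out-direction tunnel policy described above (a /32 from the 192.0.2.0/24 pool to the server's /32). The sample output is constructed, and 198.51.100.10 (standing in for srv.ii.nn.tt), 203.0.113.7 (the client's pre-NAT address) and the function names are assumptions.

```python
import ipaddress
import re

# Constructed `ip xfrm policy` output from a roadwarrior (not from the thread).
# Assumed stand-ins: 198.51.100.10 = srv.ii.nn.tt, 203.0.113.7 = pre-NAT client IP.
BAD = (
    "src 203.0.113.7/32 dst 198.51.100.10/32\n"
    "\tdir out priority 1753281 ptype main\n"
    "\ttmpl src 203.0.113.7 dst 198.51.100.10\n"
    "\t\tproto esp reqid 16389 mode tunnel\n"
    "src 198.51.100.10/32 dst 203.0.113.7/32\n"
    "\tdir in priority 1753281 ptype main\n"
    "\ttmpl src 198.51.100.10 dst 203.0.113.7\n"
    "\t\tproto esp reqid 16389 mode tunnel\n"
)
# Same output once the selector uses the pool-assigned address instead.
GOOD = BAD.replace("203.0.113.7/32", "192.0.2.5/32")


def parse_policies(text):
    """Return one dict per policy: selector networks, direction, tunnel flag."""
    policies, cur = [], None
    for line in text.splitlines():
        m = re.match(r"src (\S+) dst (\S+)", line)
        if m:  # an unindented selector line starts a new policy
            cur = {"src": ipaddress.ip_network(m.group(1), strict=False),
                   "dst": ipaddress.ip_network(m.group(2), strict=False),
                   "dir": None, "tunnel": False}
            policies.append(cur)
        elif cur is not None and line.strip().startswith("dir "):
            cur["dir"] = line.split()[1]
        elif cur is not None and "mode tunnel" in line:
            cur["tunnel"] = True
    return policies


def check_out_policy(text, pool, server):
    """Report whether an out tunnel policy runs from a pool /32 to the server."""
    pool, server = ipaddress.ip_network(pool), ipaddress.ip_network(server)
    outs = [p for p in parse_policies(text) if p["dir"] == "out" and p["dst"] == server]
    if not outs:
        return "missing: no out policy towards the server"
    for p in outs:
        if p["tunnel"] and p["src"].prefixlen == 32 and p["src"].subnet_of(pool):
            return "ok: %s -> %s" % (p["src"], p["dst"])
    return "wrong source: " + ", ".join(str(p["src"]) for p in outs)
```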
