> > There already is a
> >
> > leftsubnet=0.0.0.0/0
> > rightsubnet=srv.ii.nn.tt/32
> >
> > in the roadwarrior's config. The config file of the server contains
> >
> > leftsubnet=srv.ii.nn.tt/32
> > rightaddresspool==192.0.2.0/24
> > narrowing=yes
>
> Oh ok, if assigning an IP to a roadwarrior, that is fine. But you will
> need to ensure you are NATing traffic on the server from 192.0.2.0/24
> to !192.0.2.0/24

That is actually not a strict requirement on my part. I removed the
rightaddresspool= for now, and the tunnel is still being established fine as
it was before. But that is not the main issue now.

> > As not to get lost: we're still basically trying to get libreswan to
> > install a xfrm policy with the right source IP (i. e. rw.ii.nn.tt) for the
> > out direction, so that the policy triggers on the outgoing packets and
> > sends them through the established tunnel, right?
>
> You should have a tunnel policy from 192.0.2.x/32 to srv.ii.nn.tt/32

This is exactly where I am stuck now. With my current config,
libreswan installs a tunnel policy from rw.pp.uu.bb/32 to srv.ii.nn.tt/32,
which obviously cannot trigger. And I have no idea why this happens, nor
what I can do about that.

Best regards,
Phil
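
Added example, not part of the original thread: a small Python check that parses `ip xfrm policy` output and reports which `dir out` policies would cover a given packet, which is the selector mismatch described in the message above. The sample output and all addresses are constructed (203.0.113.7 stands in for rw.pp.uu.bb, 192.0.2.10 for rw.ii.nn.tt, 198.51.100.1 for srv.ii.nn.tt).

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output (documentation addresses,
# not values from the thread).
SAMPLE = """\
src 203.0.113.7/32 dst 198.51.100.1/32
\tdir out priority 1753281 ptype main
\ttmpl src 203.0.113.7 dst 198.51.100.1
\t\tproto esp reqid 16389 mode tunnel
src 198.51.100.1/32 dst 203.0.113.7/32
\tdir in priority 1753281 ptype main
\ttmpl src 198.51.100.1 dst 203.0.113.7
\t\tproto esp reqid 16389 mode tunnel
"""

# Selector lines start at column 0; "tmpl src ..." lines are indented,
# so anchoring at ^src skips the tunnel endpoints.
SELECTOR = re.compile(r"^src (\S+) dst (\S+)")
DIRECTION = re.compile(r"^\s+dir (\w+)")


def parse_policies(text):
    """Return one {'src', 'dst', 'dir'} dict per policy in the dump."""
    policies = []
    for line in text.splitlines():
        sel = SELECTOR.match(line)
        if sel:
            policies.append({
                "src": ipaddress.ip_network(sel.group(1), strict=False),
                "dst": ipaddress.ip_network(sel.group(2), strict=False),
                "dir": None,
            })
            continue
        d = DIRECTION.match(line)
        if d and policies and policies[-1]["dir"] is None:
            policies[-1]["dir"] = d.group(1)
    return policies


def matching_out_policies(policies, pkt_src, pkt_dst):
    """Out policies whose selectors cover the packet's source and destination."""
    src = ipaddress.ip_address(pkt_src)
    dst = ipaddress.ip_address(pkt_dst)
    return [p for p in policies
            if p["dir"] == "out" and src in p["src"] and dst in p["dst"]]


POLICIES = parse_policies(SAMPLE)
```

An empty result for the address the packets are actually sent from means no out policy will trigger for them, so they leave outside the tunnel.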