Joep Gommers wrote: > 10.2.0.0/24 however is not a subnet in which the StrongS/WAN box > resides. It resides behind yet another VPN appliance. So the routing > table on the "left" side would include something like: > > to 10.2.0.0/24 via 10.1.0.254 metric 1 > > However, StrongS/WAN refuses to create the traffic selector giving me > the error: > "no local address found in traffic selector 10.2.0.0/24"
Hi Joep, I browsed the source code. If I understand it correctly the message you quoted is NOT an error message. The reason why strongSwan looks for a local address in the traffic selector is that it wants to install a route of this kind (if your router had a local IP address of 10.2.0.33): 10.2.0.0/24 dev ppp0 scope link src 10.2.0.33 But in your case there's no need to install such a route because your router is not in that subnet. What's the output of ipsec statusall ? Also, log files of charon would be helpful -Daniel _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
