Hi Max, > conn ios > rightsubnet=10.0.0.0/24 > rightsourceip=10.100.255.0/28
> conn us-east-1-vpc > leftsourceip=%config You didn't specify a leftsubnet on the client (which is good). This implies that the leftsubnet will be the address assigned using Mode Config. This address will be allocated from the pool 10.100.255.0/28. The Quick Mode that follows now uses the Mode Config address as "client subnet", but your responder expects rightsubnet=10.0.0.0/24. Hence your connection won't match. If you remove the rightsubnet definition from your responder configuration, the responder will use the allocated address, too, and your tunnel should come up. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
