Hello Henry, > Sep 24 10:41:07 VPN pluto[16791]: "test" #324: received ModeCfg > message when in state STATE_MAIN_R3, and we aren't mode config client
Seems that 5.0 sends a Mode Config message, but 4.5 does not expect one. With strongSwan 4.x and IKEv1, pluto didn't send a Mode Config message if you define leftsourceip to a fixed IP. With 5.0, charon always negotiates the address in both IKEv1 and IKEv2. Specifying leftsourceip might not be required anymore with 5.x, as charon always installs a route with a matching source address. However, there is currently no way to enforce a specific address if two addresses would match to the negotiated traffic selector. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
