Hello I have SS501 and net2net scenario. I'm acting as initiator and responder prefers IPV4 (SA per host) Phase 2 identities. There are one C-class subnet (destination) that I need to tunnel from one C-class (source), but how to do it with only one connection, I see that left/rightsubnetwithin is not supported in 5.x.x.
How to configure conn one leftsubnet=10.0.0.0/24 rightsubnet=172.16.0.0/24 add=route so that the result would be: IPSec SA: 10.0.0.1/32[any protocol] <->172.16.0.1/32[any protocol] 10.0.0.1/32[any protocol] <->172.16.0.100/32[any protocol] I did not find any "negotiate SA per host" options that would this. Regards, Kimmo _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
