Hi Kimmo, > how to do it with only one connection, I see that > left/rightsubnetwithin is not supported in 5.x.x.
left/rightsubnetwithin is not supported in 5.x because we use IKEv2 style traffic selector narrowing for IKEv1, too. > I'm acting as initiator and responder prefers IPV4 (SA per host) Phase > 2 identities. With IKEv1, you usually can't propose a /24 if the responder has a /32 configuration. It works with strongSwan, as we use this narrowing magic, but it probably doesn't with any other implementation. When using IKEv2 this is less of a problem, as the responder should be capable of narrowing down the traffic selectors to a common subset. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
