> when compile with --enable-unity, then must be set any one of > unity_split_include like: > > ipsec pool --addattr unity_split_include
The unity plugin works completely independently of Split-Include attributes configured through a pool. You should use only one of them. The unity plugin builds Split-Include attributes automatically from leftsubnet definitions and allows the daemon to enforce these subnets. Pool attributes, though, are just plain attributes to send, the client may or may not respect them. > 10[CFG] sending UNITY_SPLIT_INCLUDE: 0.0.0.0/0 Probably the iOS client does not like 0.0.0.0/0 Split-Include attributes. Maybe we should just omit it in this case, but I currently don't have an iOS device here for testing. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
