Hi Markus, > the tunnel won't get up if I only do an "ipsec start" and try to ping a > machine on the remote network. The Juniper device complains about wrong > */32 ProxyIDs.
Are you using strongSwan 5.0.0? If yes, this is a known bug and has been fixed [1] in 5.0.1. 5.0.0 included the traffic selector of the triggering packet (as it is recommended in IKEv2), but this of course doesn't work with IKEv1, where we can negotiate a single subnet only. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=777bcdc0 _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
