I hope the wording of my question made sense. Another way to ask it is: "Can outbound traffic selectors be based on destination subnets without a specific 'right' address?" If so, how does one configure that to trigger charon into action when packets are initiated to that subnet?

thanks,
Keith

On Mon, Feb 25, 2013 at 10:59:06AM -0500, Keith Kaple wrote:
> Is it possible with strongswan to set up a generic conn entry for transport
> mode to any host in a particular subnet for IPv6?
>
> Something like:
>
> conn gtrans
>     left=2001:420:27ff:fff7:250:566f:fe92:5f44
>     leftcert=cert.pem
>     leftfirewall=yes
>     right=%any
>     rightallowany=yes
>     rightid=%any
>     type=transport
>     auto=route
>
>
> Where right is any IP address in the 2001:420 subnet and left is traffic
> originating from a particular IP on the local host.
>
> I've tried right=%any, rightsubnet=2001:420::0/96, etc. but the daemon log
> always has "installing trap failed, remote address unknown" and IKEv2
> negotiation never occurs when I try pinging.
>
>
> thanks,
>
> Keith
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
