Hello Serge,
conn academ.certs.locally.stored
leftsubnet=192.168.169.0/24
leftsendcert = never
right=%any
rightcert=peercerts/academ2034.hostCert.pem
rightsendcert = never
rightsubnet=192.168.3.0/24 //which way is better
#rightsubnet=0.0.0.0/0 //for the network segment selector?
keyexchange=ikev2
mobike=yes
compress=no
auto=add
It would be great again if you notice anything specific about the current setup
to resolve the NATed access problem.
Can you check with
[root@frqx ~]# ip xfrm pol
if you really disabled IPComp? If I remember correctly sometimes it's
necessary to remove compress=yes from conn %default.
Regards,
Volker
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
