Dan, > I thought I could use "%any" for the right parameter and then specify the > exact ip addresses using the rightsubnet.
What exactly is your intention when doing so? > right=%any > rightsubnet=10.100.1.10[tcp/3306],10.100.1.20[tcp/3306] > 11[CFG] installing trap failed, remote address unknown To which IKE gateway should we initiate on matching traffic? This information is missing from your configuration. strongSwan currently does not support any-trap policies, where the connection is initiated to the destination of the offending traffic. Tobias did some work for that at [1], but this has not been integrated to mainline yet. If you need to cover these two hosts, just use two configurations having "right" set to the appropriate host. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/trap-any _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
