Am 08.10.2014 13:38, schrieb Andreas Steffen:
Hi Jakob,
In IKEv1 terminology the client IDs are traffic selectors
(a single host or an IPv4 or IPv6 subnet) which define which
local and remote subnets behind the gateways are to be connected
with each other over the tunnel. With IKEv2 these proposals must match
exactly. In your case it seems that the two IPsec endpoints propose
differing subnet defininitions.
In a way this was the point. I used the same notation on both sides:
rightsubnet=192.168.4.0/255.255.255.0
but the newer strongswan will only understand CIDR masks correctly:
rightsubnet=192.168.4.0/24
In the other case, it offers 192.168.4.0/32 which does not match the
other side.
But this is hard to see as both notations describe the same network....
Anyway, it works now, thank you very much for the hint!
Regards,
Jakob Curdes
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
