On 16.02.2016 13:43, Mahendra SP wrote: > conn allow-9100 > leftsubnet=192.168.1.6[6/%any] > rightsubnet=192.168.1.8[6/9100] > leftfirewall=yes > type=allow > auto=route "allow" is not a valid setting for "type".
> conn drop-rest > leftsubnet=192.168.1.6 > rightsubnet=192.168.1.8 > leftfirewall=yes > type=passthrough > auto=route What's the purpose of that? It just tells XFRM to not do any processing on packets that match those left- and rightsubnet settings. When I look at all your settings, they seem to contradict each other. Please do a minimal setup. I think the error is in your overlaping subnets with all those different types. -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
