Hi Arne, > rightsubnet=172.20.1.0/24
That's wrong. Don't configure a rightsubnet when using virtual IPs. The remote traffic selector will automatically be set to the assigned virtual IP. And it looks like your server is behind a NAT router. Does that router know that it has to forward packets addressed to 172.20.1.0/24 back to your server (192.168.0.3)? Otherwise, you might have to NAT traffic from that subnet to the server's private IP first (again, see [1]). Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
