On 12.03.2017 19:05, Hoggins! wrote:
> Now I want to have road warriors connected on gateway B. That's cool
> : they get a dynamic IP address on 192.168.22.0/24 and they can talk to
> hosts on 192.168.55.0/24. Great.

TL;DR: Use a different subnet.

Long story: You've got conflicting subnets which you can't easily solve, because the TS is (Site A) 192.168.22.0/24 == 192.168.55.0/24 (B) and the roadwarrior's conflicting subnet is 192.168.22.0/24. The TS of the tunnel does not permit transmission of packets from site B to site A where the destination and source are in 192.168.22.0/24.

Hosts on site A wouldn't be able to figure out if a host in 192.168.22.0/24 is on the link (and deliver the packet locally by directly addressing the host on layer two) or reachable over gw A. gw A wouldn't know what host in 192.168.22.0/24 is local and which is attached to site B via a roadwarrior connection.

--
Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
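
Added example, not part of the original mail or of strongSwan: a pre-deployment check for the overlap described in the reply, comparing a proposed roadwarrior address pool against the traffic selectors of the existing site-to-site tunnel. The function names, the selector labels and the 192.168.66.0/24 candidate pool are assumptions made for illustration; the two /24 selectors are the ones quoted in the thread.

```python
import ipaddress

# Constructed from the thread: the site-to-site tunnel's traffic selectors
# as seen from gateway B (local = site B LAN, remote = site A LAN).
TUNNEL_TS = {
    "site B (local TS)": "192.168.55.0/24",
    "site A (remote TS)": "192.168.22.0/24",
}


def pool_conflicts(pool, selectors):
    """Return the names of all traffic selectors that overlap the pool."""
    pool_net = ipaddress.ip_network(pool, strict=True)
    return [
        name
        for name, cidr in selectors.items()
        if pool_net.overlaps(ipaddress.ip_network(cidr, strict=True))
    ]


def first_free_pool(supernet, prefixlen, selectors):
    """Return the first subnet of the given size inside supernet that
    overlaps none of the selectors, or None if there is no such subnet."""
    used = [ipaddress.ip_network(c) for c in selectors.values()]
    for candidate in ipaddress.ip_network(supernet).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    # 192.168.66.0/24 is a hypothetical replacement pool, not from the thread.
    for pool in ("192.168.22.0/24", "192.168.22.128/25", "192.168.66.0/24"):
        hits = pool_conflicts(pool, TUNNEL_TS)
        print(pool, "->", "conflicts with " + ", ".join(hits) if hits else "ok")
    print("suggested pool:", first_free_pool("192.168.0.0/16", 24, TUNNEL_TS))
```

A partial overlap such as 192.168.22.128/25 is flagged as well, since any address shared with site A's subnet produces the same ambiguity for hosts on site A and for gw A.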
