Hi, nevermind, my fault. After adding more interfaces to the server it's good idea to add their new addresses to conn.local_addrs :-)
Thanks. On 05.01.2021 23:18, Volodymyr Litovka wrote:
Hello colleagues, I added yet another connection (absolutely similar to others - on both server and client side, except source WAN address) to the config and this endpoint can not connect: charon-systemd[89567]: ike config match: 0 (x.x.x.x...%any IKEv2) charon-systemd[89567]: ike config match: 0 (x.x.x.x...y.y.y.y IKEv2) charon-systemd[89567]: ike config match: 0 (x.x.x.x...z.z.z.z IKEv2) charon-systemd[89567]: ike config match: 0 (x.x.x.x...%any IKEv2) charon-systemd[89567]: message repeated 6 times: [ ike config match: 0 (x.x.x.x...%any IKEv2)] the only difference between this one and other (with same config as I said above) is source address - this one which is failing is the only one which connects from private networks, other connections are from Internet. Connectivity is ok, hosts can ping each other, so no issues on network side. For some reasons, Strongswan can not find connection's config. Sorry for probably stupid question, but the quick question at the moment is - can be there some restrictions in Strongswan which prevent connections from RFC1918 networks and, if they are, where are they? Thank you. -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison
-- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison
