[Swan] no work - Subnet extrusion - in CentOS 6.8

Paul Wouters paul at nohats.ca
Sun Jul 31 16:14:44 UTC 2016


You changed one end to use /23 but the other end still uses two /24's so negotiation will fail

Sent from my iPhone

> On Jul 27, 2016, at 06:57, Sergey Mihailov <sergey.mihailov at gmail.com> wrote:
> 
> config-1:
> ------------
> conn mytunnel
>     leftid=@off1.net.prn.int
>     left=192.168.121.17
>     leftsourceip=192.168.129.254
>     leftsubnet=192.168.128.0/23
>     leftrsasigkey=0sAQ1xad9N4...
>     #
>     rightid=@main.prn.int
>     right=192.168.121.1
>     rightsourceip=192.168.1.60
>     rightsubnet=0.0.0.0/0
>     rightrsasigkey=0sAQMCfFm...
>     #
>     authby=rsasig
>     auto=start
> 
> conn 129-exclude
>     left=192.168.129.254
>     leftsubnet=192.168.129.0/24
>     right=0.0.0.0
>     rightsubnet=192.168.129.0/24
>     authby=never
>     type=passthrough
>     auto=route
> 
> conn 128-exclude
>     left=192.168.128.250
>     leftsubnet=192.168.128.0/24
>     right=0.0.0.0
>     rightsubnet=192.168.128.0/24
>     authby=never
>     type=passthrough
>     auto=route
> 
> config-2:
> ------------
> conn mytunnel
>     leftid=@off1.net.prn.int
>     left=192.168.121.17
>     leftsourceip=192.168.129.254
>     leftsubnets={192.168.129.0/24 192.168.128.0/24}
>     leftrsasigkey=0sAQ1xad9N4...
>     #
>     rightid=@main.prn.int
>     right=192.168.121.1
>     rightsourceip=192.168.1.60
>     rightsubnet=192.168.1.0/24
>     rightrsasigkey=0sAQMCfFm...
>     #
>     authby=rsasig
>     auto=start
> 
> config1 - no works.
> config2 - works.
> 
> Thanks.
> 
> 2016-07-26 11:44 GMT+03:00 Paul Wouters <paul at nohats.ca>:
> 
>> The config on the libreswan wiki page is correct, so you must
>> have misunderstood it? You can try sharing the full config
>> again from one of the branch offices, so we can have a look.
>> 
>> Paul
> 
> -- 
> mx
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160731/6c0bf7e6/attachment.html>


More information about the Swan mailing list