[Swan] no work - Subnet extrusion - in CentOS 6.8
Paul Wouters
paul at nohats.ca
Sun Jul 31 16:14:44 UTC 2016
You changed one end to use /23 but the other end still uses two /24's so negotiation will fail
Sent from my iPhone
> On Jul 27, 2016, at 06:57, Sergey Mihailov <sergey.mihailov at gmail.com> wrote:
>
> config-1:
> ------------
> conn mytunnel
> leftid=@off1.net.prn.int
> left=192.168.121.17
> leftsourceip=192.168.129.254
> leftsubnet=192.168.128.0/23
> leftrsasigkey=0sAQ1xad9N4...
> #
> rightid=@main.prn.int
> right=192.168.121.1
> rightsourceip=192.168.1.60
> rightsubnet=0.0.0.0/0
> rightrsasigkey=0sAQMCfFm...
> #
> authby=rsasig
> auto=start
>
> conn 129-exclude
> left=192.168.129.254
> leftsubnet=192.168.129.0/24
> right=0.0.0.0
> rightsubnet=192.168.129.0/24
> authby=never
> type=passthrough
> auto=route
>
> conn 128-exclude
> left=192.168.128.250
> leftsubnet=192.168.128.0/24
> right=0.0.0.0
> rightsubnet=192.168.128.0/24
> authby=never
> type=passthrough
> auto=route
>
> config-2:
> ------------
> conn mytunnel
> leftid=@off1.net.prn.int
> left=192.168.121.17
> leftsourceip=192.168.129.254
> leftsubnets={192.168.129.0/24 192.168.128.0/24}
> leftrsasigkey=0sAQ1xad9N4...
> #
> rightid=@main.prn.int
> right=192.168.121.1
> rightsourceip=192.168.1.60
> rightsubnet=192.168.1.0/24
> rightrsasigkey=0sAQMCfFm...
> #
> authby=rsasig
> auto=start
>
> config1 - no works.
> config2 - works.
>
> Thanks.
>
> 2016-07-26 11:44 GMT+03:00 Paul Wouters <paul at nohats.ca>:
>
>> The config on the libreswan wiki page is correct, so you must
>> have misunderstood it? You can try sharing the full config
>> again from one of the branch offices, so we can have a look.
>>
>> Paul
>
> --
> mx
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160731/6c0bf7e6/attachment.html>
More information about the Swan
mailing list