[Swan] Tunnel Going Down

Paul Wouters paul at nohats.ca
Fri Oct 21 17:10:56 UTC 2016

On Fri, 21 Oct 2016, Banana Man wrote:

> I didn't want to confuse things, but I'm actually using a NAT with this tunnel (as well as
> several others on this machine). So left= is a different value (my machine's real IP) than
> leftsubnet= and leftsourceip=, which are the NAT address. So I think I need to set both of
> those. I have always used in the subnet settings to restrict to the single
> IP, is this not advisable? I only want access to the machine I'm starting the tunnel on,
> not the whole subnet.

Ok, if leftsubnet is an IP different from left that is fine. That did
not show in your posted config. If you are behind NAT, ensure you have
the shorter ikelifetime= so you are always the end rekeying first.


More information about the Swan mailing list