[Swan] Tunnel Going Down

Paul Wouters paul at nohats.ca
Fri Oct 21 17:10:56 UTC 2016


On Fri, 21 Oct 2016, Banana Man wrote:

> I didn't want to confuse things, but I'm actually using a NAT with this tunnel (as well as
> several others on this machine). So left= is a different value (my machine's real IP) than
> leftsubnet= and leftsourceip=, which are the NAT address. So I think I need to set both of
> those. I have always used 255.255.255.255 in the subnet settings to restrict to the single
> IP, is this not advisable? I only want access to the machine I'm starting the tunnel on,
> not the whole subnet.

Ok, if leftsubnet is an IP different from left that is fine. That did
not show in your posted config. If you are behind NAT, ensure you have
the shorter ikelifetime= so you are always the end rekeying first.

Paul
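
A sketch of the setup discussed in this thread, added here as an example and not taken from either poster's configuration: a Libreswan conn where left= is the host's real address, leftsubnet= and leftsourceip= carry the single NAT address, and ikelifetime= is set below the peer's. The conn name, all addresses, the authentication method and the peer's assumed 1h IKE lifetime are constructed placeholders.

```conf
# /etc/ipsec.conf fragment (constructed example, documentation addresses only)
conn nat-single-host
    # Real IP of the local machine, used for the IKE/ESP endpoints
    left=192.0.2.10
    # NAT address presented inside the tunnel, restricted to one host.
    # /32 is the CIDR form of a 255.255.255.255 netmask.
    leftsubnet=10.99.0.5/32
    # Source address the local host uses for traffic sent into the tunnel
    leftsourceip=10.99.0.5

    # Remote gateway and the network behind it (placeholders)
    right=198.51.100.20
    rightsubnet=10.50.0.0/24

    # Assumption: the peer's IKE lifetime is 1h. Keeping ours shorter
    # means this end always starts the rekey first.
    ikelifetime=50m

    authby=secret
    auto=start
```

The peer's actual IKE lifetime has to be confirmed with the remote administrator; the value here only needs to stay below it.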

