[Swan] Can subset of a subnet works between peers?
Paul Wouters
paul at nohats.ca
Mon Mar 6 20:05:43 UTC 2017
Why are you mismatching the ranges and masks??
You must use the same configuration of network ranges for both sides to agree.
Paul
Sent from my iPhone
> On Mar 6, 2017, at 19:59, Xinwei Hong <xhong at skytap.com> wrote:
>
> Hi,
>
> With pluto/netkey, if one one side I have:
> leftsubnets='10.100.0.0/16'
> rightsubnets='10.200.0.0/24'
>
> on the other side:
> leftsubnets='10.200.0.0/16'
> rightsubnets='10.100.0.0/24'
>
> step 2 negotiation won't work probably because they are not exact match. Is this expected or I'm missing something. Can it do a subset matching?
>
> Previously when I use racoon+netkey, things were OK and tunnel can be created.
>
>
> Thanks,
> Xinwei
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20170306/fee48765/attachment.html>
More information about the Swan
mailing list