[Swan] left/rightsubnets option
Erik Andersson
erik at ingate.com
Tue Apr 24 08:09:19 UTC 2018
On 2018-04-24 00:29, Paul Wouters wrote:
> On Mon, 23 Apr 2018, Erik Andersson wrote:
>
>> conn remote
>> ...
>> ...
>> right=10.48.28.81
>> rightid=10.48.28.81
>> rightsubnets=192.168.110.0/24,50.50.50.0/24
>> left=%any
>> ...
>> ...
>>
>> (have also tried rightsubnets={192.168.110.0/24 50.50.50.0/24})
>>
>> Yields the following error in the pluto.log file:
>>
>> Apr 23 12:42:48.546899: address family inconsistency in this/that
>> connection
>> Apr 23 12:42:48.546970: Failed to load connection "remote/1x1":
>> attempt to load incomplete connection
>
> That's weird. Can you show the full connection?
>
conn remote
auto=start
authby=secret
right=10.48.28.81
rightid=10.48.28.81
left=%any
rightsubnets=192.168.110.0/24,50.50.50.0/24
connaddrfamily=ipv4
pfs=yes
nat-keepalive=yes
encapsulation=auto
dpddelay="30"
dpdtimeout="120"
dpdaction=clear
rightmodecfgserver=yes
leftmodecfgclient=yes
modecfgpull=yes
leftaddresspool=10.20.20.0-10.20.20.254
modecfgdns=10.48.254.21
modecfgdomains=example.com
rightxauthserver=yes
leftxauthclient=yes
xauthby=file
rekey=no
>> Not sure what I'm doing wrong. Is it possible to use the
>> left/rightsubnets option (multiple subnets) option when working with
>> modecfg?
>
> Unfortunately, that is only supported on the client side, not the server
> side.
Ok good to know.
>
>> Also, is the left/rightsubnets option available via whack?
>
> Apparently not..... That's a bug. I will file a bug.
Thanks,
Erik
>
> Paul
More information about the Swan
mailing list