[Swan] Overlapping traffic selectors and IKEv1
paul at nohats.ca
Tue Apr 24 14:36:05 UTC 2018
On Tue, 24 Apr 2018, Ivan Kuznetsov wrote:
> conn aCustomer
> It need to add some customer addresses 30.201.x.y to tunnel. Customer IT
> service ask me to add the whole network 184.108.40.206/16 to rightsubnet, but for
> some reason does not remove the subset addresses:
> Will this configuration work properly for "old" addresses 220.127.116.11 and
> .34? What is the policy to choose one of overlapping traffic selectors - by
> longest prefix or someway other?
It should work.
The linux kernel uses priority numbers only, but libreswan does a
translation that maps longest prefix to a priority number.
More information about the Swan