<div dir="ltr">config-1:<br><div>------------<br>conn mytunnel<br>    leftid=@<a href="http://off1.net.prn.int">off1.net.prn.int</a><br>    left=192.168.121.17<br>    leftsourceip=192.168.129.254<br>    leftsubnet=<a href="http://192.168.128.0/23">192.168.128.0/23</a><br>    leftrsasigkey=0sAQ1xad9N4...<br>    #<br>    rightid=@<a href="http://main.prn.int">main.prn.int</a><br>    right=192.168.121.1<br>    rightsourceip=192.168.1.60<br>    rightsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a><br>    rightrsasigkey=0sAQMCfFm...<br>    #<br>    authby=rsasig<br>    auto=start<br><br>conn 129-exclude<br>    left=192.168.129.254<br>    leftsubnet=<a href="http://192.168.129.0/24">192.168.129.0/24</a><br>    right=0.0.0.0<br>    rightsubnet=<a href="http://192.168.129.0/24">192.168.129.0/24</a><br>    authby=never<br>    type=passthrough<br>    auto=route<br><br>conn 128-exclude<br>    left=192.168.128.250<br>    leftsubnet=<a href="http://192.168.128.0/24">192.168.128.0/24</a><br>    right=0.0.0.0<br>    rightsubnet=<a href="http://192.168.128.0/24">192.168.128.0/24</a><br>    authby=never<br>    type=passthrough<br>    auto=route<br><div class="gmail_extra"><br></div><div class="gmail_extra">config-2:<br>------------<br>conn mytunnel<br>    leftid=@<a href="http://off1.net.prn.int">off1.net.prn.int</a><br>    left=192.168.121.17<br>    leftsourceip=192.168.129.254<br>    leftsubnets={<a href="http://192.168.129.0/24">192.168.129.0/24</a> <a href="http://192.168.128.0/24">192.168.128.0/24</a>}<br>    leftrsasigkey=0sAQ1xad9N4...<br>    #<br>    rightid=@<a href="http://main.prn.int">main.prn.int</a><br>    right=192.168.121.1<br>    rightsourceip=192.168.1.60<br>    rightsubnet=<a href="http://192.168.1.0/24">192.168.1.0/24</a><br>    rightrsasigkey=0sAQMCfFm...<br>    #<br>    authby=rsasig<br>    auto=start<br><br></div><div class="gmail_extra">config1 - no works.<br></div><div class="gmail_extra">config2 - works.<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Thanks.<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-07-26 11:44 GMT+03:00 Paul Wouters <span dir="ltr"><<a target="_blank" href="mailto:paul@nohats.ca">paul@nohats.ca</a>></span>:<br><span class="gmail-"></span><br><span class="gmail-"></span><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">
The config on the libreswan wiki page is correct, so you must<br>
have misunderstood it? You can try sharing the full config<br>
again from one of the branch offices, so we can have a look.<span class="gmail-HOEnZb"><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote></div><br>-- <br><div class="gmail_signature">mx</div>
</div></div></div>