<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Hi,</div><div><br></div><div>I'm running Linux Libreswan 3.15 (netkey) on 2.6.32-754.2.1.el6.x86_64 <br></div><div><br></div><div>I have two connections on east.<br></div><div dir="ltr"></div><div dir="ltr"><br></div><div dir="ltr">
<span class="gmail-gI"><span>conn test#<a href="http://0.0.0.0/0">0.0.0.0/0</a><br>        type=transport<br>        authby=null<br>        leftid=@mesh<br>        rightid=@mesh<br>        left=%defaultroute<br>        right=0.0.0.0<br>        negotiationshunt=hold<br>        failureshunt=drop<br>        ikev2=insist<br>        auto=add<br>        dpddelay=1<br>        dpdtimeout=3<br>        dpdaction=restart<br>        rekey=yes<br>        retransmit-timeout=5<br>        narrowing=yes<br></span></span></div><div dir="ltr"><span class="gmail-gI"><span><br></span></span></div><div dir="ltr"><span class="gmail-gI"><span>conn conman-pool-server<br>        type=tunnel<br>        authby=null<br>        leftid=@server<br>        rightid=@client<br>        left=%defaultroute<br>        leftsubnet=<a href="http://192.168.99.0/24">192.168.99.0/24</a><br>        leftsourceip=192.168.99.9<br>        right=<a href="http://10.1.190.120/29">10.1.190.120/29</a><br>        rightaddresspool=192.168.99.10-192.168.99.254<br>        negotiationshunt=hold</span></span></div><div dir="ltr"><span class="gmail-gI"><span>        failureshunt=drop<br>        ikev2=insist<br>        dpddelay=1<br>        dpdtimeout=3<br>        dpdaction=restart<br>        rekey=yes<br>        retransmit-timeout=5<br>        forceencaps=yes<br>        leftmodecfgserver=yes<br>        rightmodecfgclient=yes<br>        modecfgpull=yes<br></span></span></div><div dir="ltr"><span class="gmail-gI"><span><br></span></span></div><div><span class="gmail-gI"><span>On west, I have the following connection:</span></span></div><div><span class="gmail-gI"><span><br></span></span></div><div><span class="gmail-gI"><span>conn conman-pool-client<br>        type=tunnel<br>        authby=null<br>        leftid=@client<br>        rightid=@server<br>        left=%defaultroute<br>        right=10.1.190.78<br>        rightsubnet=<a href="http://192.168.99.0/24">192.168.99.0/24</a><br>        negotiationshunt=hold<br>        
failureshunt=drop<br>        ikev2=insist<br>        auto=route<br>        dpddelay=1<br>        dpdtimeout=3<br>        dpdaction=restart<br>        rekey=yes<br>        retransmit-timeout=5<br>        forceencaps=yes<br>        leftmodecfgclient=yes<br>        rightmodecfgserver=yes<br>        modecfgpull=yes<br></span></span></div><div><span class="gmail-gI"><span><br></span></span></div><div><span class="gmail-gI"><span>When the connection is initiated by west, it matches 
<span class="gmail-gI"><span>test#<a href="http://0.0.0.0/0">0.0.0.0/0</a></span></span> on east, which is not what I would expect. I would have thought the mismatched left/right IDs would have caused the system to find a better match - 
<span class="gmail-gI"><span>conman-pool-server</span></span>. Am I missing something here?</span></span></div><div><span class="gmail-gI"><span><br></span></span></div><div><span class="gmail-gI"><span>Best regards,</span></span></div><div><span class="gmail-gI"><span><br></span></span></div><div><span class="gmail-gI"><span>Matt<br></span></span>

</div></div></div></div></div></div></div></div>