<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cordia New";
panose-1:2 11 3 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Hi Joe,</p><p class=MsoNormal>Currently I have Libreswan-3.21rc5/CenOS6.9, it working fine either ikev1 or ikev2 –<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>But I’m planed and testing for updating to CentOS7.X/Libreswan-3.26, as mentioned on previous email <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I;’ve configuration that working fine with IKEv1, just only change to IKEv2 … <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Libreswan keep initial phase 1 for both/all subnet and “YES” as you said its only work latest subnet that we “ipssec auto –up ….”<o:p></o:p></p><p class=MsoNormal> </p><p class=MsoNormal>Sent from <a href="https://go.microsoft.com/fwlink/?LinkId=550986">Mail</a> for Windows 10</p><p class=MsoNormal><o:p> </o:p></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='border:none;padding:0in'><b>From: </b><a href="mailto:Joe.Madden@mottmac.com">Madden, Joe</a><br><b>Sent: </b>Thursday, September 27, 2018 22:31<br><b>To: </b><a href="mailto:khvastunov@gmail.com">Eugeniy Khvastunov</a>; <a href="mailto:nick@howitts.co.uk">nick@howitts.co.uk</a><br><b>Cc: </b><a href="mailto:swan@lists.libreswan.org">swan@lists.libreswan.org</a><br><b>Subject: </b>Re: [Swan] rightsubnets</p></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b><span lang=EN-GB>In all cases work only last subnet from list.<o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>I had the same issue with a StrongSwan instance as the remote end.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>This was the issue:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB><a href="https://www.mail-archive.com/search?l=swan@lists.libreswan.org&q=subject:%22Re%5C%3A+%5C%5BSwan%5C%5D+Tunnels+coming+establishing+and+dropping+quickly%22&o=newest&f=1">https://www.mail-archive.com/search?l=swan@lists.libreswan.org&q=subject:%22Re%5C%3A+%5C%5BSwan%5C%5D+Tunnels+coming+establishing+and+dropping+quickly%22&o=newest&f=1</a><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><b>From:</b> Swan <swan-bounces@lists.libreswan.org> <b>On Behalf Of </b>Eugeniy Khvastunov<br><b>Sent:</b> 27 September 2018 15:50<br><b>To:</b> nick@howitts.co.uk<br><b>Cc:</b> swan@lists.libreswan.org<br><b>Subject:</b> Re: [Swan] rightsubnets<o:p></o:p></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><div><div><div><p class=MsoNormal><span lang=EN-GB>In all cases work only last subnet from list.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-GB>P.S.: libreswan-3.23-5.el7_5.x86_64<o:p></o:p></span></p></div></div></div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><div><div><p class=MsoNormal><span lang=EN-GB>On Thu, Sep 27, 2018 at 5:46 PM Nick Howitt <<a href="mailto:nick@howitts.co.uk">nick@howitts.co.uk</a>> wrote:<o:p></o:p></span></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:4.8pt'><span lang=EN-GB>AFAIK the first and second work. At a guess the third might. Try it and see if you connections instantiate as expected.<o:p></o:p></span></p><div><p class=MsoNormal style='margin-left:4.8pt'><span lang=EN-GB>On 27/09/2018 15:41, Eugeniy Khvastunov wrote:<o:p></o:p></span></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><div><div><div><p class=MsoNormal style='margin-left:40.8pt'><span lang=EN-GB>Hi all!<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:40.8pt'><span lang=EN-GB>What is right way to put in config more than one subnet?<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:40.8pt'><span lang=EN-GB>On some forums i find:<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:40.8pt'><span lang=EN-GB>rightsubnets={<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2F172.16.1.0%2F24&data=01%7C01%7Cjoe.madden%40mottmac.com%7C65e03a34f6684a929a5808d624888a4d%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=GbjwU28sPd7w7x1cMqVZTLYhbtRgqDd8c1cx7lrmkQM%3D&reserved=0" target="_blank">172.16.1.0/24</a> <a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2F192.168.3.0%2F24&data=01%7C01%7Cjoe.madden%40mottmac.com%7C65e03a34f6684a929a5808d624888a4d%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=x%2B6O7nSUEImPrXIFIMJ0MdV0SXpyrmES3xKba1u3NQU%3D&reserved=0" target="_blank">192.168.3.0/24</a>}<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:40.8pt'><span lang=EN-GB>rightsubnets={<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2F172.16.1.0%2F24%2C192.168.3.0%2F24&data=01%7C01%7Cjoe.madden%40mottmac.com%7C65e03a34f6684a929a5808d624888a4d%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=Rkppw5jIf7qAsG1C903XqSpeRLzP1Sf1rorARY7A4qc%3D&reserved=0" target="_blank">172.16.1.0/24,192.168.3.0/24</a>}<br>rightsubnets={<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2F172.16.1.0%2F24%2C192.168.3.0%2F24%2C&data=01%7C01%7Cjoe.madden%40mottmac.com%7C65e03a34f6684a929a5808d624888a4d%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=HFopRlaSgYvtXh0b5iy7VUlIxyf4FrxKYkM3i6gG6oE%3D&reserved=0" target="_blank">172.16.1.0/24,192.168.3.0/24,</a>}<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:40.8pt'><span lang=EN-GB>What variant right?<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:40.8pt'><span lang=EN-GB>-- <o:p></o:p></span></p><div><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:40.8pt'><span lang=EN-GB>wbr. Eugeniy Khvastunov,<br> System administrator.<br> [FMGH-UANIC]<br> <a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblog.unlimite.net&data=01%7C01%7Cjoe.madden%40mottmac.com%7C65e03a34f6684a929a5808d624888a4d%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=0bB5UC4y6lZ3hCLB2nqHjSjRniLTezNpb5ZZoyyZAzw%3D&reserved=0" target="_blank">http://blog.unlimite.net</a><o:p></o:p></span></p></div></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:40.8pt'><span lang=EN-GB><o:p> </o:p></span></p><pre><span lang=EN-GB>_______________________________________________<o:p></o:p></span></pre><pre><span lang=EN-GB>Swan mailing list<o:p></o:p></span></pre><pre><span lang=EN-GB><a href="mailto:Swan@lists.libreswan.org" target="_blank">Swan@lists.libreswan.org</a><o:p></o:p></span></pre><pre><span lang=EN-GB><a href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.libreswan.org%2Fmailman%2Flistinfo%2Fswan&data=01%7C01%7Cjoe.madden%40mottmac.com%7C65e03a34f6684a929a5808d624888a4d%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=2bQzk%2B1Dt6DPVB3UZcabSsWoYTRwXUIl9hPhrH1du14%3D&reserved=0" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan</a><o:p></o:p></span></pre></blockquote><p class=MsoNormal style='margin-left:4.8pt'><span lang=EN-GB><o:p> </o:p></span></p></div><p class=MsoNormal style='margin-left:4.8pt'><span lang=EN-GB>_______________________________________________<br>Swan mailing list<br><a href="mailto:Swan@lists.libreswan.org" target="_blank">Swan@lists.libreswan.org</a><br><a href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.libreswan.org%2Fmailman%2Flistinfo%2Fswan&data=01%7C01%7Cjoe.madden%40mottmac.com%7C65e03a34f6684a929a5808d624888a4d%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=2bQzk%2B1Dt6DPVB3UZcabSsWoYTRwXUIl9hPhrH1du14%3D&reserved=0" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan</a><o:p></o:p></span></p></blockquote></div><p class=MsoNormal><span lang=EN-GB><br clear=all><br>-- <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-GB>wbr. Eugeniy Khvastunov,<br> System administrator.<br> [FMGH-UANIC]<br> <a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblog.unlimite.net&data=01%7C01%7Cjoe.madden%40mottmac.com%7C65e03a34f6684a929a5808d624888a4d%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=0bB5UC4y6lZ3hCLB2nqHjSjRniLTezNpb5ZZoyyZAzw%3D&reserved=0" target="_blank">http://blog.unlimite.net</a><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>