<div><span style="background-color:#ffffff;color:#000000;float:none;font-family:'arial' , sans-serif;font-size:15px;font-style:normal;font-weight:400;text-decoration-style:initial;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px">ightsubnet=192.168.43.5/32</span> not working<br />connection fails with ikev2_child_sa_respond returned STF_FAIL+v2N_TS_UNACCEPTABLE</div><div><br />as i'm write before with rightaddresspool=192.168.43.5-192.168.43.5 all fine</div><div><br /></div><div><br /></div><div>23.04.2020, 18:56, "Paul Wouters" <paul@nohats.ca>:</div><blockquote><p>On Thu, 23 Apr 2020, None None wrote:<br /><br /></p><blockquote class="b4fd5cf2ec92bc68cb898700bb81355fwmi-quote"> Just create separate "conn" section for each certificate common names<br /> i.e.<br />  <br />  <br /> conn ikev2-1st-client<br />  ...<br />   rightid="CN=client1"<br />   rightaddresspool=192.168.43.5-192.168.43.5<br />  <br />  <br /> conn ikev2-2nd-client<br /> ...<br />   rightid="CN=client2"<br />   rightaddresspool=192.168.43.6-192.168.43.6<br />  <br /> And client was bind to ip based on they certificate =)<br /></blockquote><p><br />Yes but I would use rightsubnet=192.168.43.5/32 instead of<br />rightaddresspool.<br /><br />Paul<br /></p></blockquote>