<div dir="ltr"><div><a href="https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#ts-ip-ranges">https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#ts-ip-ranges</a> says:</div><div><br></div><div><strong style="box-sizing:inherit;font-weight:700;margin-top:0px;color:rgb(1,87,155);font-family:Roboto,"Noto Sans","Noto Sans JP","Noto Sans KR","Noto Naskh Arabic","Noto Sans Thai","Noto Sans Hebrew","Noto Sans Bengali",sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Important:</strong><span style="box-sizing:inherit;margin-bottom:0px;color:rgb(1,87,155);font-family:Roboto,"Noto Sans","Noto Sans JP","Noto Sans KR","Noto Naskh Arabic","Noto Sans Thai","Noto Sans Hebrew","Noto Sans Bengali",sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><span> </span>When using IKEv2, your peer VPN gateway<span> </span><em style="box-sizing:inherit;font-style:italic">must</em><span> </span>accept all of the CIDRs in each traffic selector using a single Child SA. Not all VPN gateways support this. VPN gateways that create a unique Child SA per CIDR are<span> </span><strong style="box-sizing:inherit;font-weight:700">not</strong><span> </span>compatible with Cloud VPN.</span></div><div><br></div><div>Does Libreswan support this? I tried Strongswan and that worked, but couldn't get it to work with Libreswan.</div><div><br></div><div>Thanks!</div><div>Frank<br></div><div><br></div></div>