On Thu, May 31, 2012 at 12:18 +0200, Peter J. Philipp wrote:
> My iked config looks like this:
>
> ikev2 "win7" passive esp \
>     from 172.16.20.0/24 to 0.0.0.0/0 local any peer any \
>     srcid 10.0.0.1 \
>     eap "mschap-v2" \
>     config address 172.16.20.1 \
>     config name-server 212.18.3.5 \
>     tag "$name-$id"
>
I've just realised you made a mistake by exchanging the "from" and "to" specifications. The correct way is:

    from 0.0.0.0/0 to 172.16.20.0/24 local any peer any \

It should always read "I provide access from a network behind MYSELF to a network behind my PEER", regardless of whether you initiate or respond. In other words, just like in ipsec.conf.