On 2018-04-24 00:29, Paul Wouters wrote:
On Mon, 23 Apr 2018, Erik Andersson wrote:
conn remote
...
...
right=10.48.28.81
rightid=10.48.28.81
rightsubnets=192.168.110.0/24,50.50.50.0/24
left=%any
...
...
(have also tried rightsubnets={192.168.110.0/24 50.50.50.0/24})
Yields the following error in the pluto.log file:
Apr 23 12:42:48.546899: address family inconsistency in this/that
connection
Apr 23 12:42:48.546970: Failed to load connection "remote/1x1":
attempt to load incomplete connection
That's weird. Can you show the full connection?
conn remote
auto=start
authby=secret
right=10.48.28.81
rightid=10.48.28.81
left=%any
rightsubnets=192.168.110.0/24,50.50.50.0/24
connaddrfamily=ipv4
pfs=yes
nat-keepalive=yes
encapsulation=auto
dpddelay="30"
dpdtimeout="120"
dpdaction=clear
rightmodecfgserver=yes
leftmodecfgclient=yes
modecfgpull=yes
leftaddresspool=10.20.20.0-10.20.20.254
modecfgdns=10.48.254.21
modecfgdomains=example.com
rightxauthserver=yes
leftxauthclient=yes
xauthby=file
rekey=no
Not sure what I'm doing wrong. Is it possible to use the
left/rightsubnets option (multiple subnets) option when working with
modecfg?
Unfortunately, that is only supported on the client side, not the server
side.
Ok good to know.
Also, is the left/rightsubnets option available via whack?
Apparently not..... That's a bug. I will file a bug.
Thanks,
Erik
Paul
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
