On Tue, 29 Mar 2022 13:43:58 +0200 Brady Johnson <[email protected]> wrote:
> The pluto.log in the server doesn't provide any more information. Why
> do I get the TS_UNACCEPTABLE error?

Right. That means your configurations don't match which is very obvious when looking at your configs below:

>
> Server and Client configurations:
>
> conn vpn_server_tunnel
>     left=10.10.8.8
>     [email protected]
>     leftsubnet=10.10.10.0/24
>     leftrsasigkey=%cert
>     leftcert=vpnserver08.lab.com
>     leftsendcert=always
>
>     right=%any
>     rightrsasigkey=%cert
>     rightid=%fromcert
>     rightca=%same
>
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=clear
>     auto=add
>     ikev2=insist
>     rekey=no
>     fragmentation=yes
>     ike=aes256-sha2
>     esp=aes256-sha2_512-dh14
>     authby=rsa-sha2_512
>     ikelifetime=86400s
>     salifetime=3600s

Note: rightsubnet= is missing from this config. Add rightsubnet=10.10.50.0/24 and it should work. Likely you also need rightsourceip=<select-one-ip-from 10.10.50.0/24 subnet> if you want to communicate over the tunnel from IPsec endpoint.

-- 
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
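
The selector mismatch described in the reply above, as an added example that is not part of the original thread or of libreswan. It assumes that a side with no subnet option protects only its own host address (/32), that the client's address is the constructed value 10.10.9.9, and that the client proposes 10.10.50.0/24 towards 10.10.10.0/24; `check`, `compare` and the other helper names are hypothetical.

```python
import ipaddress

# Server conn from the thread, trimmed to the keys that decide traffic selectors.
SERVER_CONN = """\
conn vpn_server_tunnel
    left=10.10.8.8
    leftsubnet=10.10.10.0/24
    right=%any
"""

def parse_conn(text):
    """Return the key=value options of a single conn section as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def effective_subnet(opts, side, peer_ip):
    """Subnet protected behind `side`; a missing subnet means the host itself (/32)."""
    subnet = opts.get(side + "subnet")
    if subnet:
        return ipaddress.ip_network(subnet)
    host = opts.get(side, "%any")
    # %any and similar wildcards resolve to the connecting peer's address (assumption).
    return ipaddress.ip_network(peer_ip if host.startswith("%") else host)

def compare(configured, proposed):
    """Classify one configured selector against the one the peer proposes."""
    if configured == proposed:
        return "match"
    if configured.overlaps(proposed):
        return "overlap"       # only usable if narrowing is permitted
    return "disjoint"          # nothing in common: TS_UNACCEPTABLE

def check(conn_text, peer_ip, proposed_local, proposed_remote):
    """Compare a responder conn against the initiator's proposed selectors."""
    opts = parse_conn(conn_text)
    return {
        "left": compare(effective_subnet(opts, "left", peer_ip),
                        ipaddress.ip_network(proposed_local)),
        "right": compare(effective_subnet(opts, "right", peer_ip),
                         ipaddress.ip_network(proposed_remote)),
    }

if __name__ == "__main__":
    # Constructed client: address 10.10.9.9, proposing 10.10.50.0/24 <-> 10.10.10.0/24.
    print(check(SERVER_CONN, "10.10.9.9", "10.10.10.0/24", "10.10.50.0/24"))
    fixed = SERVER_CONN + "    rightsubnet=10.10.50.0/24\n"
    print(check(fixed, "10.10.9.9", "10.10.10.0/24", "10.10.50.0/24"))
```

A "disjoint" result on either side corresponds to the TS_UNACCEPTABLE case; the check is a simplified model of selector comparison, not libreswan's own matching code.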
