Thanks. I resolved when I use left=172.31.2.1 conn psk ikev2=yes authby=secret left=172.31.2.1 [email protected] leftsubnet=0.0.0.0/0 right=%any rightaddresspool=10.10.0.1-10.10.0.254 modecfgdns=172.31.0.2 rekey=no narrowing=yes fragmentation=yes encapsulation=yes auto=add
But it seems like IPv6 address range is not available in leftsubnet or rightaddresspool with an IPv4 address specified… > On Jul 24, 2023, at 12:25 AM, Paul Wouters <[email protected]> wrote: > > On Sat, 22 Jul 2023, Heting Wang wrote: > >> "ISAKMP_v2_IKE_SA_INIT message received on 172.31.2.1:500 but no suitable >> connection found with IKEv2 policy"r >> I collected more information using plutodebug=tmi > >> Jul 22 22:57:17.604493: | *received 604 bytes from XXXXXXXXXX:500 on eth1 >> 172.31. >> 2.1:500 using UDP > > It does not change my answer. For some reason your connection is loaded > before you had the IP or route in please for left=%defaultroute to pick > it up. You can set left=172.31.2.1 to work around that if it is a static > IP. > > Paul
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
