Hi, > Each gateway B subnets must reach all of gateway A subnets.
Using IKEv2, you can simplify all-to-all subnets and use just a single connection: leftsubnet=10.0.0.0/8,192.168.0.0/16,172.16.0.0.12 rightsubnet=10.21.11.0/24,172.16.0.0/24,10.121.11.0/24 > As you can see, some gateway B subnets address are included in gateway > A subnets. Unfortunately, we currently don't support IP ranges. Splitting this configuration into the correct subnets should be possible, but would require some dozen subnets. > It doesn't work better even with high priority. Please keep in mind that lower priority numbers actually have a higher priority. Have you tried a low priority number (1)? Regards Martin _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
