Hi Kevin,

> The routing on the 10.4.0.0 spoke is configured that any communication
> to the following subnets
> 10.30.0.0/16,10.7.0.0/16,10.6.0.0/16,10.3.0.0/16,172.16.0.0/16
> will be routed to the Strongswan VPN gateway public IP (I've yet to
> set up the tunnels for 10.30.0.0, 10.7.0.0 and 10.3.0.0)

How did you configure the spokes? Did you specify all those subnets in rightsubnet? Or did you use rightsubnet=0.0.0.0/0 so that the gateway can narrow the subnets to whatever it has configured as leftsubnet?

Configuring the subnets as leftsubnet on the gateway is correct, even if it doesn't have an IP address in any of them installed. As seen, the daemon will complain that it can't find a local address that is contained in the traffic selector, but that only means that it will not install a source route, which is fine for the subnets it is not directly attached to.

Regards,
Tobias

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
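The narrowing described in the reply above, as an added example that is not part of the original mail and is not strongSwan code: a simplified model in which the spoke proposes 0.0.0.0/0 and the gateway answers with the intersection against its leftsubnet list, then checks which selectors contain one of its own addresses. The function names and the gateway address 10.6.0.4 are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Gateway side: the leftsubnet list quoted in the mail.
GATEWAY_LEFTSUBNET = ["10.30.0.0/16", "10.7.0.0/16", "10.6.0.0/16",
                      "10.3.0.0/16", "172.16.0.0/16"]
# Constructed for this example: addresses installed on the gateway itself.
GATEWAY_LOCAL_ADDRS = ["10.6.0.4"]


def narrow(proposed, configured):
    """Return the intersection of two traffic-selector lists.

    Two CIDR blocks either nest or are disjoint, so the intersection of a
    pair is the smaller block when they overlap and nothing otherwise.
    """
    result = []
    for p in map(ip_network, proposed):
        for c in map(ip_network, configured):
            if p.version != c.version:
                continue
            if p.subnet_of(c):
                common = p
            elif c.subnet_of(p):
                common = c
            else:
                continue
            if common not in result:
                result.append(common)
    return result


def source_route_candidates(selectors, local_addrs):
    """Map each selector to a local address inside it, or None.

    None models the "can't find a local address" log message: the selector
    is still negotiated, only the source route is skipped.
    """
    addrs = [ip_address(a) for a in local_addrs]
    return {str(ts): next((str(a) for a in addrs if a in ts), None)
            for ts in selectors}


if __name__ == "__main__":
    # Spoke proposes rightsubnet=0.0.0.0/0; gateway narrows to its leftsubnet.
    narrowed = narrow(["0.0.0.0/0"], GATEWAY_LEFTSUBNET)
    for ts, src in source_route_candidates(narrowed, GATEWAY_LOCAL_ADDRS).items():
        print(f"{ts:16} source route via {src}" if src else
              f"{ts:16} no local address, no source route")
```

A spoke that lists explicit subnets instead of 0.0.0.0/0 gets only the ones that overlap the gateway's list; anything outside it is dropped from the negotiated selectors.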