Hi Aram, > If this is my problem, I don’t understand why the same configuration results > in different behavior now.
It's most likely not the same. As the log tells you, the traffic selectors don't match. The fix is simple: configure either 0.0.0.0/0 or 192.168.3.0/24 as remote traffic selector on your client (i.e. in rightsubnet) so it matches the local traffic selector (i.e. leftsubnet) on the server (with 0.0.0.0/0 it gets narrowed to whatever the server has configured). If rightsubnet is not set it, the remote traffic selector will default to the remote address. Regards, Tobias