That's because your configuration is incorrect. Do not set right or left. If you do that, you can't use transport mode anymore while having rightsubnet != right and leftsubnet != left.

On 21.01.20 at 16:59, Victor Sudakov wrote:
> noel.kuntze+strongswan-users-ml@thermi.consulting wrote:
>> https://wiki.strongswan.org/issues/196#note-6
>>
>> Tobias is literally the person that wrote the code, so it's extremely likely
>> that what he wrote and what the test scenario successfully tests is what in
>> fact works.
>
> No, this does not work. Probably it is not suitable for the case where
> the rightsubnet belongs to one host, not multiple hosts. IPv6 traffic
> remains unencrypted.
>
> My configs (with real IPs even):
>
> Host A (has one address)
>
> conn test-v6
>         left=2001:470:35:7af::2
>         right=%any
>         rightsubnet=2001:19f0:8001:1219::/64
>         type=transport
>         authby=psk
>         auto=route
>
> Host B (has multiple addresses from a /64 network)
>
> conn test-v6
>         left=%any
>         leftsubnet=2001:19f0:8001:1219::/64
>         right=2001:470:35:7af::2
>         type=transport
>         authby=psk
>         auto=route
>