Code:
/ip ipsec mode-config
add address-pool="ipsec ikev2 vpn.domaint.ldl" address-prefix-length=32 name=\
    ike2-conf split-include=10.0.0.0/8
add address-pool=ipsec_user1 address-prefix-length=32 name=user1-ipsec \
    split-include=10.0.0.0/8
Now I would like to have all traffic of one of the road warriors going through the tunnel so I thought, let's create one mode-config with split-include=0.0.0.0/0 and assign it to an identity.
Code:
/ip ipsec mode-config
add address-pool=ipsec_user address-prefix-length=32 name=ipsec_user_all_in \
    split-include=0.0.0.0/0
Code:
/ip ipsec identity
add auth-method=digital-signature certificate=vpn.domain.tld generate-policy=\
    port-strict match-by=certificate mode-config=ipsec_user_all_in peer=ike2 \
    policy-template-group=ike2-policies remote-certificate=userdomain.tld \
    remote-id=user-fqdn:user@domain.tld
I am missing something simple, but do not know what. Any help greatly appreciated.