Hi all

 

After upgrading ACS from 4.9.3 (openswan) to 4.11.2 (strongswan), all VPNs
with multiple networks have stopped working. Only one of the networks
declared in the encryption domain passed traffic.

 

rightsubnet=192.168.198.0/23,192.168.208.0/23,192.168.170.0/23,192.168.234.0/23,192.168.69.0/24

I changed the configuration manually by creating different Child SAs, one
for each network; now all networks work.

https://lists.strongswan.org/pipermail/users/2015-November/008966.html



Example:

# conn for vpn-4.3.2.1
conn vpn-4.3.2.1
    left=1.2.3.4
    leftsubnet=192.168.101.0/24
    right=4.3.2.1
    type=tunnel
    authby=secret
    keyexchange=ike
    ike=aes128-sha1-modp1024
    ikelifetime=1h
    esp=aes128-sha1-modp1024
    lifetime=8h
    keyingtries=2
    auto=start
    forceencaps=no
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart

conn net-192.168.198.0
    also=vpn-4.3.2.1
    rightsubnet=192.168.198.0/23
    auto=start

conn net-192.168.208.0
    also=vpn-4.3.2.1
    rightsubnet=192.168.208.0/23
    auto=start

conn net-192.168.170.0
    also=vpn-4.3.2.1
    rightsubnet=192.168.170.0/23
    auto=start

conn net-192.168.234.0
    also=vpn-4.3.2.1
    rightsubnet=192.168.234.0/23
    auto=start

conn net-192.168.69.0
    also=vpn-4.3.2.1
    rightsubnet=192.168.69.0/24
    auto=start

 

Issue: https://github.com/apache/cloudstack/issues/3138
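
The manual rewrite described in the message above can be scripted. The following is an added example, not part of the original post or of CloudStack: it splits a comma-separated rightsubnet into one conn per subnet, using the same net-<network> naming and also= layout. The function names and the sample text are assumptions made for illustration.

```python
import ipaddress

# Constructed sample using addresses from the post above.
SAMPLE = """\
conn vpn-4.3.2.1
    left=1.2.3.4
    leftsubnet=192.168.101.0/24
    right=4.3.2.1
    rightsubnet=192.168.198.0/23,192.168.208.0/23,192.168.69.0/24
    auto=start
"""

def parse_sections(text):
    """Return [(header, [param, ...])]; blank lines and comments are dropped."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def split_rightsubnet(text):
    """Give every subnet of a multi-value rightsubnet its own conn section."""
    out, seen = [], set()
    for header, params in parse_sections(text):
        subnets, kept = [], []
        for p in params:
            key, _, value = p.partition("=")
            if key.strip() == "rightsubnet":
                subnets = [s.strip() for s in value.split(",") if s.strip()]
            else:
                kept.append(p)
        split = header.startswith("conn ") and len(subnets) > 1
        out.append(header)
        out += [f"    {p}" for p in (kept if split else params)]
        for s in subnets if split else []:
            net = ipaddress.ip_network(s)  # ValueError on typos or host bits set
            name = f"net-{net.network_address}"  # naming taken from the post
            if name in seen:  # same subnet behind two peers would collide
                raise ValueError(f"duplicate conn name {name}")
            seen.add(name)
            out += ["", f"conn {name}", f"    also={header.split()[1]}",
                    f"    rightsubnet={net}", "    auto=start"]
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    print(split_rightsubnet(SAMPLE))
```

Sections with a single rightsubnet are copied through unchanged, so the script can be re-run on its own output.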

 
