When I have the two subnets configured, logread shows:
Mon Jan 27 12:50:10 2020 authpriv.info ipsec: 04[CFG] unable to install policy 192.168.0.0/24 === 192.168.2.0/24 in for reqid 2, the same policy for reqid 1 exists
Mon Jan 27 12:50:10 2020 daemon.info ipsec: 04[CFG] unable to install policy 192.168.0.0/24 === 192.168.2.0/24 in for reqid 2, the same policy for reqid 1 exists
Mon Jan 27 12:50:10 2020 authpriv.info ipsec: 04[CFG] unable to install policy 192.168.0.0/24 === 192.168.2.0/24 fwd for reqid 2, the same policy for reqid 1 exists
Mon Jan 27 12:50:10 2020 daemon.info ipsec: 04[CFG] unable to install policy 192.168.0.0/24 === 192.168.2.0/24 fwd for reqid 2, the same policy for reqid 1 exists
Mon Jan 27 12:50:10 2020 authpriv.info ipsec: 04[CFG] unable to install policy 192.168.2.0/24 === 192.168.168.0/24 out for reqid 2, the same policy for reqid 1 exists
Mon Jan 27 12:50:10 2020 daemon.info ipsec: 04[CFG] unable to install policy 192.168.2.0/24 === 192.168.168.0/24 out for reqid 2, the same policy for reqid 1 exists
This suggests that it's trying to do 192.168.0.0 twice, and 10.0.0.0 not at all?
Thanks! Yup, I tried that, but that depends on the other side having multiple 'conn's configured, and in this case they don't, and they can't change it as it's in use by lots of their customers/partners.