<div dir="ltr">Hi guys<br><br>I need a little help. It is about VPN, but not specifically.<br><br>I have one Linux firewall (kernel 2.6 - RHEL5) and 2 workstations starting connections using IPsec to a remote Openswan server (not under my authority), and I have problems connecting the clients simultaneously. The first connects successfully, but the second connects and does not work; the ESP requests of the second client are not masqueraded, only the first's. I created some firewall rules to permit ESP, using NAT and FWMARK, and tried using the options -m esp --espspi in iptables, but it does not work.<br>
<br>I have one Cisco ASA, and using it as the gateway of the workstations, the connections work. I only used the commands:<br>#sysopt connection permit-ipsec<br><br>#Rules in firewall<br><br>iptables -t nat -I POSTROUTING -s $IP_1 -p esp -j MASQUERADE <br clear="all">
iptables -t nat -I POSTROUTING -s $IP_2 -p esp -j MASQUERADE <br>iptables -t nat -I POSTROUTING -s $IP_1 -p ah -j MASQUERADE <br clear="all">iptables -t nat -I POSTROUTING -s $IP_2 -p ah -j MASQUERADE <br>iptables -t nat -I POSTROUTING -s $IP_1 -p udp --dport 500 -j MASQUERADE <br clear="all">
iptables -t nat -I POSTROUTING -s $IP_2 -p udp --dport 500 -j MASQUERADE <br><br>I tried altering the ESP rules using espspi:<br><br>iptables -t nat -I POSTROUTING -s $IP_1 -m esp -p esp --espspi 500 -j MASQUERADE <br clear="all">
iptables -t nat -I POSTROUTING -s $IP_2 -m esp -p esp --espspi 501 -j MASQUERADE <br><br><br><br>Regards<br>-- <br>#========================#<br> Felipe Santos '<\( Rasputin )/>' <br> <a href="mailto:felipe.nix@gmail.com">felipe.nix@gmail.com</a> <br>
LPI ID: LPI000123744<br> <a href="http://br.groups.yahoo.com/group/openswan-br">http://br.groups.yahoo.com/group/openswan-br</a><br>#========================#<br>
</div>