<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Openswan does not support XAUTH for pools of road warriors. Use libreswan or strongswan for that.</div><div><br></div><div>You can try workarounds like uniqueids=no, but in the end you really need a DHCP pool for your IPsec server, which Openswan does not have.<br><br>Sent from a tiny device </div><div><br>On 2013-09-20, at 9:27, Renzo &lt;<a href="mailto:reda@logobject.ch">reda@logobject.ch</a>&gt; wrote:<br><br></div><blockquote type="cite"><div>
<div class="moz-cite-prefix">Hi,<br>
No, there is no overlapping and it is a pure IPsec connection.<br>
I've tested with 3 different computers; all of them are able to
connect correctly, but not in parallel: as soon as the new one is
connected the old one is <br>
<br>
Thanks<br>
Renzo<br>
<br>
<br>
On 20.09.2013 00:20, Paul Young wrote:<br>
</div>
<blockquote cite="mid:CAAEtRDX4tSnqcWZJaonpPvUATti-Mf5CdraXfts2WDWvP0D-gg@mail.gmail.com" type="cite">
<div dir="ltr">
<div>Hi,</div>
<div><br>
</div>
Are there overlapping IP assignments from behind different and
the same NAT routers?
<div><br>
</div>
<div>As Netkey does not support that in the same way that KLIPS
does.</div>
<div>
<br>
</div>
<div>Also is this pure ipsec connection or is l2tp\ppp involved
at all?</div>
<div><br>
</div>
<div>Sorry that does not directly answer your question.</div>
<div><br>
</div>
<div>I am pretty new to all of this myself</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 19 September 2013 22:24, Renzo <span dir="ltr">&lt;<a moz-do-not-send="true" href="mailto:reda@logobject.ch" target="_blank">reda@logobject.ch</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
We are trying to configure a roadwarrior VPN; here is the
configuration we have:<br>
<br>
<br>
<br>
<br>
version 2.0 # conforms to second version of ipsec.conf
specification<br>
config setup<br>
nat_traversal=yes<br>
virtual_private=%v4:10.0.0.0/8,%v4:!10.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10<br>
oe=off<br>
protostack=netkey<br>
uniqueids=no<br>
# roadwarrior<br>
conn roadwarriors<br>
authby=secret<br>
left=%defaultroute<br>
leftid=ourExternaIp<br>
leftsubnet=0.0.0.0/0<br>
leftxauthserver=yes<br>
right=%any<br>
rightid=%any<br>
rightsubnet=10.11.4.0/24<br>
rightxauthclient=yes<br>
dpddelay=30<br>
dpdtimeout=120<br>
dpdaction=clear<br>
rekey=no<br>
ikelifetime=3h<br>
salifetime=3h<br>
aggrmode=no<br>
ike=3des-sha1;modp1024<br>
type=tunnel<br>
phase2=esp<br>
phase2alg=3des-sha1;modp1024<br>
modecfgdns1=10.11.1.1<br>
auto=add<br>
<br>
It works really fine as long as only one remote PC is connected.<br>
As soon as another user tries to connect, the server closes the
old tunnel and creates the new one.<br>
I.e. only one user at a time can connect through the VPN.<br>
Any suggestions?<br>
<br>
<br>
# uname -a<br>
Linux alixg 3.8.2 #3 Mon Mar 4 09:32:22 CET 2013 i586
Geode(TM) Integrated Processor by AMD PCS AuthenticAMD
GNU/Linux<br>
<br>
# ipsec --version<br>
Linux Openswan U2.6.38/K3.8.2 (netkey)<br>
<br>
<br>
Thanks for your time<br>
Renzo<br>
<br>
<br>
_______________________________________________<br>
<a moz-do-not-send="true" href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br>
<a moz-do-not-send="true" href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a moz-do-not-send="true" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with
Openswan:<br>
<a moz-do-not-send="true" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></blockquote></body></html>