<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Openswan does not support XAUTH for pools of road warriors. Use libreswan or strongswan for that.</div><div><br></div><div>You can try workarounds like uniqueids=no, but in the end you really need a DHCP pool for your IPsec server, which Openswan does not have.<br><br>Sent from a tiny device&nbsp;</div><div><br>On 2013-09-20, at 9:27, Renzo &lt;<a href="mailto:reda@logobject.ch">reda@logobject.ch</a>&gt; wrote:<br><br></div><blockquote type="cite"><div>
  
  
  
    <div class="moz-cite-prefix">Hi,<br>
      No, there is no overlapping, and it is a pure IPsec connection.<br>
      I've tested with 3 different computers; all of them are able to
      connect correctly, but not in parallel: as soon as the new one is
      connected the old one is <br>
      <br>
      Thanks<br>
      Renzo<br>
      <br>
      <br>
      On 20.09.2013 00:20, Paul Young wrote:<br>
    </div>
    <blockquote cite="mid:CAAEtRDX4tSnqcWZJaonpPvUATti-Mf5CdraXfts2WDWvP0D-gg@mail.gmail.com" type="cite">
      <div dir="ltr">
        <div>Hi,</div>
        <div><br>
        </div>
        Are there&nbsp;overlapping IP assignments from behind different and
        the same NAT routers?
        <div><br>
        </div>
        <div>As Netkey does not support that in the same way that KLIPS
          does.</div>
        <div>
          <br>
        </div>
        <div>Also, is this a pure IPsec connection, or is L2TP/PPP involved
          at all?</div>
        <div><br>
        </div>
        <div>Sorry that does not directly answer your question.</div>
        <div><br>
        </div>
        <div>I am pretty new to all of this myself</div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On 19 September 2013 22:24, Renzo <span dir="ltr">&lt;<a moz-do-not-send="true" href="mailto:reda@logobject.ch" target="_blank">reda@logobject.ch</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            Hi,<br>
            We are trying to configure a roadwarriors VPN; here is the
            configuration we have:<br>
            <br>
            <br>
            <br>
            <br>
            version 2.0 &nbsp; &nbsp; # conforms to second version of ipsec.conf
            specification<br>
            config setup<br>
            &nbsp; &nbsp; &nbsp; &nbsp; nat_traversal=yes<br>
            &nbsp; &nbsp; &nbsp; &nbsp; virtual_private=%v4:10.0.0.0/8,%v4:!10.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10<br>
            &nbsp; &nbsp; &nbsp; &nbsp; oe=off<br>
            &nbsp; &nbsp; &nbsp; &nbsp; protostack=netkey<br>
            &nbsp; &nbsp; &nbsp; &nbsp; uniqueids=no<br>
            # roadwarrior<br>
            conn roadwarriors<br>
            &nbsp; &nbsp; &nbsp;authby=secret<br>
            &nbsp; &nbsp; &nbsp;left=%defaultroute<br>
            &nbsp; &nbsp; &nbsp;leftid=ourExternaIp<br>
            &nbsp; &nbsp; &nbsp;leftsubnet=0.0.0.0/0<br>
            &nbsp; &nbsp; &nbsp;leftxauthserver=yes<br>
            &nbsp; &nbsp; &nbsp;right=%any<br>
            &nbsp; &nbsp; &nbsp;rightid=%any<br>
            &nbsp; &nbsp; &nbsp;rightsubnet=10.11.4.0/24<br>
            &nbsp; &nbsp; &nbsp;rightxauthclient=yes<br>
            &nbsp; &nbsp; &nbsp;dpddelay=30<br>
            &nbsp; &nbsp; &nbsp;dpdtimeout=120<br>
            &nbsp; &nbsp; &nbsp;dpdaction=clear<br>
            &nbsp; &nbsp; &nbsp;rekey=no<br>
            &nbsp; &nbsp; &nbsp;ikelifetime=3h<br>
            &nbsp; &nbsp; &nbsp;salifetime=3h<br>
            &nbsp; &nbsp; &nbsp;aggrmode=no<br>
            &nbsp; &nbsp; &nbsp;ike=3des-sha1;modp1024<br>
            &nbsp; &nbsp; &nbsp;type=tunnel<br>
            &nbsp; &nbsp; &nbsp;phase2=esp<br>
            &nbsp; &nbsp; &nbsp;phase2alg=3des-sha1;modp1024<br>
            &nbsp; &nbsp; &nbsp;modecfgdns1=10.11.1.1<br>
            &nbsp; &nbsp; &nbsp;auto=add<br>
            <br>
            It works really fine as long as only one remote PC is connected.<br>
            As soon as another user tries to connect, the server closes the
            old tunnel and creates the new one.<br>
            I.e. only one user at a time can connect through the VPN.<br>
            Any suggestions?<br>
            <br>
            <br>
            # uname -a<br>
            Linux alixg 3.8.2 #3 Mon Mar 4 09:32:22 CET 2013 i586
            Geode(TM) Integrated Processor by AMD PCS AuthenticAMD
            GNU/Linux<br>
            <br>
            # ipsec --version<br>
            Linux Openswan U2.6.38/K3.8.2 (netkey)<br>
            <br>
            <br>
            Thanks for your time<br>
            Renzo<br>
            <br>
            <br>
            _______________________________________________<br>
            <a moz-do-not-send="true" href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br>
            <a moz-do-not-send="true" href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
            Micropayments: <a moz-do-not-send="true" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
            Building and Integrating Virtual Private Networks with
            Openswan:<br>
            <a moz-do-not-send="true" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  

</div></blockquote></body></html>