<div dir="ltr"><br>Hi Renzo,<div><br></div><div>We are using Netkey - which of course has some drawbacks if more than one road warrior tries to come in from the same subnet range and it does not support SAref.</div><div><br>
</div><div>Paul</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 23 September 2013 16:30, Renzo <span dir="ltr">&lt;<a href="mailto:reda@logobject.ch" target="_blank">reda@logobject.ch</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi Paul,<br>
Thanks for the hint, I'll have a look.<br>
Just a question, are you using KLIPS or NETKEY?<br>
<br>
Thanks<span class="HOEnZb"><font color="#888888"><br>
Renzo</font></span><div><div class="h5"><br>
<br>
On 21.09.2013 06:06, Paul Young wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Ok,
<div><br>
</div>
<div>Well, in my case I basically followed Jacco's tutorial and
am using xl2tpd and ppp and it works quite well.</div>
<div><br>
</div>
<div>One of the few things with Openswan that I actually got
working...........</div>
<div><br>
</div>
<div>Sorry I could not help you more.</div>
<div><br>
</div>
<div>Paul</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 20 September 2013 23:27, Renzo <span dir="ltr">&lt;<a href="mailto:reda@logobject.ch" target="_blank">reda@logobject.ch</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi,<br>
No, there is no overlap, and it is a pure ipsec
connection.<br>
I've tested with 3 different computers all of them are
able to connect correctly but not in parallel, as soon
as the new one is connected the old one is <br>
<br>
Thanks<span><font color="#888888"><br>
Renzo</font></span>
<div>
<div><br>
<br>
<br>
On 20.09.2013 00:20, Paul Young wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi,</div>
<div><br>
</div>
Are there overlapping IP assignments from behind
different and the same NAT routers?
<div><br>
</div>
<div>As Netkey does not support that in the same
way that KLIPS does.</div>
<div> <br>
</div>
<div>Also is this pure ipsec connection or is
l2tp\ppp involved at all?</div>
<div><br>
</div>
<div>Sorry that does not directly answer your
question.</div>
<div><br>
</div>
<div>I am pretty new to all of this myself</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 19 September 2013
22:24, Renzo <span dir="ltr">&lt;<a href="mailto:reda@logobject.ch" target="_blank">reda@logobject.ch</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi,<br>
We are trying to configure a roadwarriors
VPN; here is the configuration we have:<br>
<br>
<br>
<br>
<br>
version 2.0 # conforms to second version
of ipsec.conf specification<br>
config setup<br>
nat_traversal=yes<br>
virtual_private=%v4:10.0.0.0/8,%v4:!10.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10<br>
oe=off<br>
protostack=netkey<br>
uniqueids=no<br>
# roadwarrior<br>
conn roadwarriors<br>
authby=secret<br>
left=%defaultroute<br>
leftid=ourExternaIp<br>
leftsubnet=0.0.0.0/0<br>
leftxauthserver=yes<br>
right=%any<br>
rightid=%any<br>
rightsubnet=10.11.4.0/24<br>
rightxauthclient=yes<br>
dpddelay=30<br>
dpdtimeout=120<br>
dpdaction=clear<br>
rekey=no<br>
ikelifetime=3h<br>
salifetime=3h<br>
aggrmode=no<br>
ike=3des-sha1;modp1024<br>
type=tunnel<br>
phase2=esp<br>
phase2alg=3des-sha1;modp1024<br>
modecfgdns1=10.11.1.1<br>
auto=add<br>
<br>
It works really fine as long as only one remote PC
is connected.<br>
As soon as another user tries to connect, the
server closes the old tunnel and creates the new
one.<br>
I.e. only one user at a time can connect through
the VPN.<br>
Any suggestions?<br>
<br>
<br>
# uname -a<br>
Linux alixg 3.8.2 #3 Mon Mar 4 09:32:22 CET
2013 i586 Geode(TM) Integrated Processor by
AMD PCS AuthenticAMD GNU/Linux<br>
<br>
# ipsec --version<br>
Linux Openswan U2.6.38/K3.8.2 (netkey)<br>
<br>
<br>
Thanks for your time<br>
Renzo<br>
<br>
<br>
_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>
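<div>Added example, not part of the thread and not Openswan code: a small Python check for the situation Paul describes, where the netkey stack is in use and every road warrior (right=%any) is pinned to the same fixed rightsubnet range. The sample configuration is constructed from keys quoted in the thread; the function names are hypothetical.</div>

```python
import ipaddress

# Constructed sample: a subset of the keys from the configuration quoted in the thread.
SAMPLE_CONF = """\
version 2.0
config setup
    nat_traversal=yes
    protostack=netkey
    uniqueids=no
# roadwarrior
conn roadwarriors
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    right=%any
    rightsubnet=10.11.4.0/24
    auto=add
"""

def parse_ipsec_conf(text):
    """Return {"config setup": {...}, "conn NAME": {...}} from ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        words = line.split()
        if words[0] in ("config", "conn") and len(words) == 2 and "=" not in line:
            current = sections.setdefault(" ".join(words), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def shared_client_subnet_conns(text):
    """Hypothetical check: on netkey, list conns that accept any peer (right=%any)
    but pin all of them to one literal rightsubnet range."""
    sections = parse_ipsec_conf(text)
    if sections.get("config setup", {}).get("protostack") != "netkey":
        return []
    findings = []
    for name, opts in sections.items():
        subnet = opts.get("rightsubnet", "")
        if not name.startswith("conn ") or opts.get("right") != "%any":
            continue
        if not subnet or subnet.startswith(("vhost:", "vnet:")):
            continue  # per-client virtual subnets are not a single shared range
        try:
            findings.append((name[5:], str(ipaddress.ip_network(subnet, strict=False))))
        except ValueError:
            continue  # not a literal CIDR range; nothing to report
    return findings

if __name__ == "__main__":
    print(shared_client_subnet_conns(SAMPLE_CONF))
```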