<div dir="ltr"><br>Hi Renzo,<div><br></div><div>We are using Netkey - which of course has some drawbacks if more than one road warrior tries to come in from the same subnet range and it does not support SAref.</div><div><br>
</div><div>Paul</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 23 September 2013 16:30, Renzo <span dir="ltr">&lt;<a href="mailto:reda@logobject.ch" target="_blank">reda@logobject.ch</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div>Hi Paul,<br>
      Thanks for the hint, I&#39;ll have a look.<br>
      Just a question, are you using KLIPS or NETKEY?<br>
      <br>
      Thanks<span class="HOEnZb"><font color="#888888"><br>
      Renzo</font></span><div><div class="h5"><br>
      <br>
      On 21.09.2013 06:06, Paul Young wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">Ok,
        <div><br>
        </div>
        <div>Well, in my case I basically followed Jacco&#39;s tutorial and
          am using xl2tpd and ppp and it works quite well.</div>
        <div><br>
        </div>
        <div>One of the few things with Openswan that I actually got
          working...........</div>
        <div><br>
        </div>
        <div>Sorry I could not help you more.</div>
        <div><br>
        </div>
        <div>Paul</div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On 20 September 2013 23:27, Renzo <span dir="ltr">&lt;<a href="mailto:reda@logobject.ch" target="_blank">reda@logobject.ch</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF">
              <div>Hi,<br>
                No, there is no overlap and it is a pure IPsec
                connection.<br>
                I&#39;ve tested with 3 different computers; all of them are
                able to connect correctly, but not in parallel: as soon
                as the new one is connected the old one is <br>
                <br>
                Thanks<span><font color="#888888"><br>
                    Renzo</font></span>
                <div>
                  <div><br>
                    <br>
                    <br>
                    On 20.09.2013 00:20, Paul Young wrote:<br>
                  </div>
                </div>
              </div>
              <div>
                <div>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>Hi,</div>
                      <div><br>
                      </div>
                      Are there overlapping IP assignments from behind
                      different and the same NAT routers?
                      <div><br>
                      </div>
                      <div>As Netkey does not support that in the same
                        way that KLIPS does.</div>
                      <div> <br>
                      </div>
                      <div>Also is this pure ipsec connection or is
                        l2tp\ppp involved at all?</div>
                      <div><br>
                      </div>
                      <div>Sorry that does not directly answer your
                        question.</div>
                      <div><br>
                      </div>
                      <div>I am pretty new to all of this myself</div>
                    </div>
                    <div class="gmail_extra"><br>
                      <br>
                      <div class="gmail_quote">On 19 September 2013
                        22:24, Renzo <span dir="ltr">&lt;<a href="mailto:reda@logobject.ch" target="_blank">reda@logobject.ch</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi,<br>
                          We are trying to configure a roadwarrior
                           VPN; here is the configuration we have:<br>
                          <br>
                          <br>
                          <br>
                          <br>
                          version 2.0     # conforms to second version
                          of ipsec.conf specification<br>
                          config setup<br>
                                  nat_traversal=yes<br>
                                  virtual_private=%v4:10.0.0.0/8,%v4:!10.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10<br>

                                  oe=off<br>
                                  protostack=netkey<br>
                                  uniqueids=no<br>
                          # roadwarrior<br>
                          conn roadwarriors<br>
                               authby=secret<br>
                               left=%defaultroute<br>
                               leftid=ourExternaIp<br>
                               leftsubnet=0.0.0.0/0<br>
                               leftxauthserver=yes<br>
                               right=%any<br>
                               rightid=%any<br>
                               rightsubnet=10.11.4.0/24<br>
                               rightxauthclient=yes<br>
                               dpddelay=30<br>
                               dpdtimeout=120<br>
                               dpdaction=clear<br>
                               rekey=no<br>
                               ikelifetime=3h<br>
                               salifetime=3h<br>
                               aggrmode=no<br>
                               ike=3des-sha1;modp1024<br>
                               type=tunnel<br>
                               phase2=esp<br>
                               phase2alg=3des-sha1;modp1024<br>
                               modecfgdns1=10.11.1.1<br>
                               auto=add<br>
                          <br>
                          It works really well as long as only one remote PC
                          is connected.<br>
                          As soon as another user tries to connect, the
                          server closes the old tunnel and creates the new
                          one.<br>
                          I.e. only one user at a time can connect through
                          the VPN.<br>
                          Any suggestion?<br>
                          <br>
                          <br>
                          # uname -a<br>
                          Linux alixg 3.8.2 #3 Mon Mar 4 09:32:22 CET
                          2013 i586 Geode(TM) Integrated Processor by
                          AMD PCS AuthenticAMD GNU/Linux<br>
                          <br>
                          # ipsec --version<br>
                          Linux Openswan U2.6.38/K3.8.2 (netkey)<br>
                          <br>
                          <br>
                          Thanks for your time<br>
                          Renzo<br>
                          <br>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>
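<div>Added example, not part of the thread and not Openswan code: Paul's replies name road warriors arriving with overlapping inner subnets, from behind the same or different NAT routers, as the case Netkey does not handle the way KLIPS does. This Python sketch lists such overlapping pairs for a set of clients; the client names, addresses and the find_overlaps helper are constructed for illustration.</div>

```python
import ipaddress
from itertools import combinations

# Constructed sample data, not taken from the thread:
# (client name, public address of its NAT router, inner subnet it proposes)
CLIENTS = [
    ("laptop-a", "198.51.100.7", "192.168.1.0/24"),
    ("laptop-b", "203.0.113.20", "192.168.1.0/24"),    # same range, other NAT
    ("laptop-c", "203.0.113.20", "192.168.1.128/25"),  # overlaps, same NAT as b
    ("laptop-d", "198.51.100.9", "10.20.0.5/32"),      # no overlap
]


def find_overlaps(clients):
    """Return (name1, name2, relation) for each pair with overlapping inner subnets.

    relation is "same NAT" or "different NAT", matching the two cases
    asked about in the thread.
    """
    parsed = []
    for name, nat_ip, subnet in clients:
        # strict=False accepts a host address written with a prefix length
        parsed.append((name,
                       ipaddress.ip_address(nat_ip),
                       ipaddress.ip_network(subnet, strict=False)))

    hits = []
    for (n1, nat1, net1), (n2, nat2, net2) in combinations(parsed, 2):
        if net1.version != net2.version:
            continue  # an IPv4 range never overlaps an IPv6 range
        if net1.overlaps(net2):
            relation = "same NAT" if nat1 == nat2 else "different NAT"
            hits.append((n1, n2, relation))
    return hits


if __name__ == "__main__":
    for a, b, rel in find_overlaps(CLIENTS):
        print(f"{a} and {b} propose overlapping inner subnets ({rel})")
```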