<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hi Paul,<br>
      Thanks for hint, I'll have a look.<br>
      Just a question, are you using KLIPS or NETKEY?<br>
      <br>
      Thanks<br>
      Renzo<br>
      <br>
      On 21.09.2013 06:06, Paul Young wrote:<br>
    </div>
    <blockquote
cite="mid:CAAEtRDUL40ZyfBRfKdh5okp3zcfRE1t5cSEfm0fdY_UdHnpsLw@mail.gmail.com"
      type="cite">
      <div dir="ltr">Ok,
        <div><br>
        </div>
        <div>Well in my case I basically followed Jacco's tutorial and
          am using xltpd and ppp and it works quite well.</div>
        <div><br>
        </div>
        <div>One of the few things with Openswan that I actually got
          working...........</div>
        <div><br>
        </div>
        <div>Sorry I could not help you more.</div>
        <div><br>
        </div>
        <div>Paul</div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On 20 September 2013 23:27, Renzo <span
            dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:reda@logobject.ch" target="_blank">reda@logobject.ch</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF">
              <div>Hi,<br>
                no there are no overlapping and is a pure ipsec
                connection.<br>
                I've tested with 3 different computers all of them are
                able to connect correctly but not in parallel, as soon
                as the new one is connected the old one is <br>
                <br>
                Thanks<span class="HOEnZb"><font color="#888888"><br>
                    Renzo</font></span>
                <div>
                  <div class="h5"><br>
                    <br>
                    <br>
                    On 20.09.2013 00:20, Paul Young wrote:<br>
                  </div>
                </div>
              </div>
              <div>
                <div class="h5">
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>Hi,</div>
                      <div><br>
                      </div>
                      Are there&nbsp;overlapping IP assignments from behind
                      different and the same NAT routers?
                      <div><br>
                      </div>
                      <div>As Netkey does not support that in the same
                        way that KLIPS does.</div>
                      <div> <br>
                      </div>
                      <div>Also is this pure ipsec connection or is
                        l2tp\ppp involved at all?</div>
                      <div><br>
                      </div>
                      <div>Sorry that does not directly answer your
                        question.</div>
                      <div><br>
                      </div>
                      <div>I am pretty new to all of this myself</div>
                    </div>
                    <div class="gmail_extra"><br>
                      <br>
                      <div class="gmail_quote">On 19 September 2013
                        22:24, Renzo <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:reda@logobject.ch"
                            target="_blank">reda@logobject.ch</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex"> Hi,<br>
                          We are trying to configure a roadwarriors
                          &nbsp;vpn, here the configuration we have:<br>
                          <br>
                          <br>
                          <br>
                          <br>
                          version 2.0 &nbsp; &nbsp; # conforms to second version
                          of ipsec.conf specification<br>
                          config setup<br>
                          &nbsp; &nbsp; &nbsp; &nbsp; nat_traversal=yes<br>
                          virtual_private=%v4:<a moz-do-not-send="true"
href="http://10.0.0.0/8,%v4:%2110.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10"
                            target="_blank">10.0.0.0/8,%v4:!10.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10</a><br>
                          &nbsp; &nbsp; &nbsp; &nbsp; oe=off<br>
                          &nbsp; &nbsp; &nbsp; &nbsp; protostack=netkey<br>
                          &nbsp; &nbsp; &nbsp; &nbsp; uniqueids=no<br>
                          # roadwarrior<br>
                          conn roadwarriors<br>
                          &nbsp; &nbsp; &nbsp;authby=secret<br>
                          &nbsp; &nbsp; &nbsp;left=%defaultroute<br>
                          &nbsp; &nbsp; &nbsp;leftid=ourExternaIp<br>
                          &nbsp; &nbsp; &nbsp;leftsubnet=<a moz-do-not-send="true"
                            href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
                          &nbsp; &nbsp; &nbsp;leftxauthserver=yes<br>
                          &nbsp; &nbsp; &nbsp;right=%any<br>
                          &nbsp; &nbsp; &nbsp;rightid=%any<br>
                          &nbsp; &nbsp; &nbsp;rightsubnet=<a moz-do-not-send="true"
                            href="http://10.11.4.0/24" target="_blank">10.11.4.0/24</a><br>
                          &nbsp; &nbsp; &nbsp;rightxauthclient=yes<br>
                          &nbsp; &nbsp; &nbsp;dpddelay=30<br>
                          &nbsp; &nbsp; &nbsp;dpdtimeout=120<br>
                          &nbsp; &nbsp; &nbsp;dpdaction=clear<br>
                          &nbsp; &nbsp; &nbsp;rekey=no<br>
                          &nbsp; &nbsp; &nbsp;ikelifetime=3h<br>
                          &nbsp; &nbsp; &nbsp;salifetime=3h<br>
                          &nbsp; &nbsp; &nbsp;aggrmode=no<br>
                          &nbsp; &nbsp; &nbsp;ike=3des-sha1;modp1024<br>
                          &nbsp; &nbsp; &nbsp;type=tunnel<br>
                          &nbsp; &nbsp; &nbsp;phase2=esp<br>
                          &nbsp; &nbsp; &nbsp;phase2alg=3des-sha1;modp1024<br>
                          &nbsp; &nbsp; &nbsp;modecfgdns1=10.11.1.1<br>
                          &nbsp; &nbsp; &nbsp;auto=add<br>
                          <br>
                          It works really fine until only one remote pc
                          is connected.<br>
                          As soon as another user try to connect, the
                          server close the old tunnel and create the new
                          one.<br>
                          I.e. only one user a time can connect through
                          the vpn.<br>
                          Any suggestion?<br>
                          <br>
                          <br>
                          # uname -a<br>
                          Linux alixg 3.8.2 #3 Mon Mar 4 09:32:22 CET
                          2013 i586 Geode(TM) Integrated Processor by
                          AMD PCS AuthenticAMD GNU/Linux<br>
                          <br>
                          # ipsec --version<br>
                          Linux Openswan U2.6.38/K3.8.2 (netkey)<br>
                          <br>
                          <br>
                          Thanks for your time<br>
                          Renzo<br>
                          <br>
                          <br>
_______________________________________________<br>
                          <a moz-do-not-send="true"
                            href="mailto:Users@lists.openswan.org"
                            target="_blank">Users@lists.openswan.org</a><br>
                          <a moz-do-not-send="true"
                            href="https://lists.openswan.org/mailman/listinfo/users"
                            target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
                          Micropayments: <a moz-do-not-send="true"
                            href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy"
                            target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
                          Building and Integrating Virtual Private
                          Networks with Openswan:<br>
                          <a moz-do-not-send="true"
href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155"
                            target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </body>
</html>