[Openswan dev] Multiple clients with same ID behind NAT

Venkat Yekkirala vyekkirala at TrustedCS.com
Tue Oct 2 11:43:59 EDT 2007


I have a setup where all the clients behind a NAT share
the same ID and cert. The VPN Gateway on the other end
has a public IP and X.509 certs are in use.

I am running into problems with running more than
one client behind NAT (dynamic IP). When I start
multiple clients at the same time, only one completes.
The acquires generated on the Gateway for other clients
use the wrong phase1 SA.

Looking at find_phase1_state() it seems to me like clients
sharing the same ID and cert is NOT supported. Or am I
missing something?



More information about the Dev mailing list