[Openswan Users] Multiple roadwarrior clients behind same NAT
Paul Wouters
paul at xelerance.com
Thu Nov 10 18:02:27 CET 2005
On Thu, 10 Nov 2005, John Riley wrote:
> LAN (192.168.1.0/24) -- VPN GW 206.74.49.20 --- Internet --- 70.147.158.96 Linksys Router --- LAN (192.168.2.0/24)
>
> VPN Gateway:
>
> Mandrake Linux, kernel version 2.6.8.1-12.mdk (2.6.8 kernel with some patches
> from 2.6.9 iirc)
> OpenSwan Version 2.3.1 (netkey)
You probably want to upgrade to openswan-2.4.x. You might need to upgrade to
linux 2.6.11 too if you run into problems.
> Remote Office clients, Windows XP SP2 with Marcus Meuller's Ipsec policy
> package, with patch that 'undoes' SP2 ipsec
I would personally use the sourceforge lsipsectool.exe, and not the ancient
ipsec.exe that relies on Resource kit things and has no real GUI.
> iptables is configured using MARK so that all traffic arriving on the tunnel
> is allowed, and I can connect any TWO remote office clients to the home office
> net and use all needed services. Sometimes the latency is VERY large even
> though ping times are reasonable (pinging with packets of 56 - 1400 bytes).
> Any attempt to connect any third client fails to get an SA.
Odd.
> As I looked to /var/log/secure on the home office VPN server for clues as to
> why additional clients were failing to get an SA, I noticed constant activity
> (i.e., constantly renegotiating) for those clients connected. Here is a log
> excerpt for one client connected:
I would really like to know if this is still present in 2.4.2rc2.
This might be a bug in rekeying or a fixed bug in picking connections.
Paul
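For readers hitting the same "third client behind one NAT gets no SA" symptom, the following ipsec.conf fragment is an added example written for this thread; it is not configuration from John's post or from the Openswan project. It assumes Openswan 2.4.x on the NETKEY stack (the upgrade Paul recommends), RSA-signature authentication, and the addresses from John's diagram; the connection name, identities and key strings are placeholders. The two settings that matter for several roadwarriors sharing one NAT address are nat_traversal=yes and rightsubnet=vhost:%priv together with a virtual_private range that contains the remote LAN but excludes the home office LAN.

```ini
# Added example for this thread (not from the original post or from Openswan).
# Assumes Openswan 2.4.x, NETKEY, RSA-sig auth; identities and keys are placeholders.
config setup
    interfaces=%defaultroute
    # Without NAT-T, clients behind the Linksys NAT at 70.147.158.96 cannot
    # bring up an SA at all, because ESP has no port for the NAT to track.
    nat_traversal=yes
    # Address ranges a roadwarrior may claim as its virtual host address.
    # The remote office LAN (192.168.2.0/24) must be inside this set; the home
    # office LAN (192.168.1.0/24) is excluded so no client can claim an
    # address that overlaps the local network.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

conn roadwarrior-natt
    left=206.74.49.20
    leftsubnet=192.168.1.0/24
    leftid=@vpngw.example.com          # placeholder identity
    leftrsasigkey=0sAQ...              # placeholder; output of "ipsec showhostkey --left"
    right=%any
    # vhost:%priv lets each client behind the same NAT instantiate its own
    # copy of this conn for its own private address, instead of every client
    # competing for one instance keyed on the shared public NAT address.
    rightsubnet=vhost:%priv
    rightid=@client.example.com        # placeholder; one shared identity for the example
    rightrsasigkey=0sAQ...             # placeholder public key
    authby=rsasig
    pfs=yes
    # Explicit lifetimes so rekey events in the log can be compared against
    # the expected interval when chasing the constant-renegotiation symptom.
    keylife=8h
    ikelifetime=1h
    auto=add
```

After `ipsec setup restart` (or `ipsec auto --add roadwarrior-natt`), `ipsec auto --status` lists one instantiated copy of the conn per connected client, shown as roadwarrior-natt[1], roadwarrior-natt[2] and so on; if a third client never appears there while the first two keep rekeying, that output plus `ipsec barf` is what to attach when reporting whether the problem survives in 2.4.2rc2.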