[Openswan Users] Several connections with same public IP

Paul Wouters paul at xelerance.com
Thu Mar 16 16:38:17 CET 2006


On Thu, 16 Mar 2006, Gwénaël ROUILLEC wrote:

> My VPN server (Linux Openswan U2.4.5dr2/K2.6.12-12mdksmp (netkey) + l2tpns
> + freeradius + mysql) has been working very well for a few months.

> The last thing I'd like to make work is several connections from users
> situated on a site behind a unique IP address.

From docs/KNOWN_ISSUES

3)      Multiple L2TP clients behind the same NAT router, and multiple L2TP
        clients behind different NAT routers using the same Virtual IP is
        currently broken. This will not be fixed in the 2.4 series.

        We do not have an ETA on a fix, though work has started on it. If
        you need this fix, or wishes to contribute resources to Xelerance,
        please contact us.

That functionality requires substantial changes to KLIPS, pluto and l2tpd to
keep track of the SA references. Work on these enhancements was recently started.

We are currently using "xl2tpd", our code fork of the no longer actively
maintained "l2tpd" daemon. We do not have patches for l2tpns. You will
either need to switch l2tpd daemons, or port the enhancements from
"xl2tpd" to "l2tpns", once the code to support this has been finished.

Initially, this will also not work with NETKEY, but only with KLIPS.

> (I hope I don't need to compile my kernel.)

Sorry, you will end up having to recompile everything. KLIPS, userland, xl2tpd.
For you it will be the worst situation possible, since you will have to change
both kernel stack and l2tp daemon.

We still have no ETA on this enhancement.

Paul

