[Openswan Users] How many connections per NAT'd address?

Paul Wouters paul at xelerance.com
Wed Sep 6 09:49:55 EDT 2006


On Wed, 6 Sep 2006, Rick Romero wrote:

> I have an OpenSwan VPN that's been working beautifully with XP SP2
> clients for a couple weeks now. I have one partner who has multiple
> machines in his network that need to access our VPN. Our VPN is on the
> public network, but his 4 machines are all behind a firewall.
>
> Yesterday he was getting a 'security negotiation timed-out' on two
> machines, but one was connected just fine. These machines had worked
> in the past, and no changes have been made.
>
> Are we limited to one at a time, or is something else going on?

If you are using L2TP, then yes, you are unfortunately still limited to
one client. See: http://lists.openswan.org/pipermail/users/2006-May/009487.html

If you are using normal tunnel mode with lsipsectool or another
third-party client on Windows, then it should work fine. If it does not, then
your NAT router might be "helping" with IPsec passthrough, and the
solution is to disable the IPsec passthrough option. If you can't
disable IPsec passthrough, it is time for a new NAT router.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

