[Openswan Users] Ipsec VPN from windows machines

Paul Wouters paul at xelerance.com
Tue Apr 1 21:00:44 EDT 2008


On Tue, 1 Apr 2008, Agent Smith wrote:

> It will work even when the windows system is behind
> NAT but the problem is that you can't have multiple
> NAT clients connecting to a openswan gateway at the
> same time, only one would work.
>
> I am setting this up for 50 or so users and researched
> this some and found some discussions about multiple
> clients working from behind the same NAT router to a
> openswan box running NETKEY and not KLIPS
>
> can someone confirm that this is the case please..

I believe so, but we did not do extensive testing with NETKEY for
this scenario at all.

I do know it does not work in the case of multiple clients on the same
pre-NAT'ed IP address (eg all the clients on the same 192.168.1.101 IP
from a default linksys box)

For that to work, the IPsec SAref code support is needed both on the
IPsec level, and the xl2tpd level.

Paul


More information about the Users mailing list