[Openswan Users] Ipsec VPN from windows machines

Paul Wouters paul at xelerance.com
Tue Apr 1 21:00:44 EDT 2008

On Tue, 1 Apr 2008, Agent Smith wrote:

> It will work even when the windows system is behind
> NAT but the problem is that you can't have multiple
> NAT clients connecting to a openswan gateway at the
> same time, only one would work.
> I am setting this up for 50 or so users and researched
> this some and found some discussions about multiple
> clients working from behind the same NAT router to a
> openswan box running NETKEY and not KLIPS
> can someone confirm that this is the case please..

I believe so, but we did not do extensive testing with NETKEY for
this scenario at all.

I do know it does not work in the case of multiple clients on the same
pre-NAT'ed IP address (eg all the clients on the same IP
from a default linksys box)

For that to work, the IPsec SAref code support is needed both on the
IPsec level, and the xl2tpd level.


More information about the Users mailing list