[Openswan Users] Road Warrior setup and multi-access with same account
Paul Wouters
pwouters at redhat.com
Thu Mar 15 20:29:29 EDT 2012
On Thu, 15 Mar 2012, Wozzinger wrote:
> In a road warrior style setup and using l2tp/ipsec, is it "ok" (or do
> you have to configure accordingly) to login multiple times using the
> same username/pass/secret or should each connection use its own set of
> credentials?
If you are not assigning a static ip, but from a pool, eg if you have in
your chap-secrets:
username * "password" 10.0.2.0/24
Then I believe it might work.
> I'm wondering if it's OK to use the same set of details
> when connecting from my Mac, Win7 PC and iPhone, sometimes appearing to
> come from the same (NAT'd) IP. Seems to work OK but sometimes a
> connection seems to get left half open and I can no longer re-connect
> using the same device (i.e. iPhone won't work but works fine from Win7
> or Mac OS X box).
That is a separate issue. For that to properly work you need SAref
tracking, which requires a kernel patch and currently only KLIPS
supports in in "mast" mode. For more details see:
https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd
You should be able to find kernels with SAref patches (mostly ubuntu
ones) at http://download.openswan.org/openswan/binaries/
Paul
More information about the Users
mailing list