[Openswan Users] Road Warrior setup and multi-access with same account

Paul Wouters pwouters at redhat.com
Thu Mar 15 20:29:29 EDT 2012

On Thu, 15 Mar 2012, Wozzinger wrote:

> In a road warrior style setup and using l2tp/ipsec, is it "ok" (or do
> you have to configure accordingly) to login multiple times using the
> same username/pass/secret or should each connection use its own set of
> credentials?

If you are not assigning a static ip, but from a pool, eg if you have in
your chap-secrets:

username	*	"password"

Then I believe it might work.

> I'm wondering if it's OK to use the same set of details
> when connecting from my Mac, Win7 PC and iPhone, sometimes appearing to
> come from the same (NAT'd) IP.  Seems to work OK but sometimes a
> connection seems to get left half open and I can no longer re-connect
> using the same device (i.e. iPhone won't work but works fine from Win7
> or Mac OS X box).

That is a separate issue. For that to properly work you need SAref
tracking, which requires a kernel patch and currently only KLIPS
supports in in "mast" mode. For more details see:


You should be able to find kernels with SAref patches (mostly ubuntu
ones) at http://download.openswan.org/openswan/binaries/


More information about the Users mailing list