[Openswan Users] Roadwarriors allow only one user a time
Renzo
reda at logobject.ch
Fri Sep 20 13:27:25 UTC 2013
Hi,
no there are no overlapping and is a pure ipsec connection.
I've tested with 3 different computers all of them are able to connect
correctly but not in parallel, as soon as the new one is connected the
old one is
Thanks
Renzo
On 20.09.2013 00:20, Paul Young wrote:
> Hi,
>
> Are there overlapping IP assignments from behind different and the
> same NAT routers?
>
> As Netkey does not support that in the same way that KLIPS does.
>
> Also is this pure ipsec connection or is l2tp\ppp involved at all?
>
> Sorry that does not directly answer your question.
>
> I am pretty new to all of this myself
>
>
> On 19 September 2013 22:24, Renzo <reda at logobject.ch
> <mailto:reda at logobject.ch>> wrote:
>
> Hi,
> We are trying to configure a roadwarriors vpn, here the
> configuration we have:
>
>
>
>
> version 2.0 # conforms to second version of ipsec.conf
> specification
> config setup
> nat_traversal=yes
> virtual_private=%v4:10.0.0.0/8,%v4:!10.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
> <http://10.0.0.0/8,%v4:%2110.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10>
> oe=off
> protostack=netkey
> uniqueids=no
> # roadwarrior
> conn roadwarriors
> authby=secret
> left=%defaultroute
> leftid=ourExternaIp
> leftsubnet=0.0.0.0/0 <http://0.0.0.0/0>
> leftxauthserver=yes
> right=%any
> rightid=%any
> rightsubnet=10.11.4.0/24 <http://10.11.4.0/24>
> rightxauthclient=yes
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
> rekey=no
> ikelifetime=3h
> salifetime=3h
> aggrmode=no
> ike=3des-sha1;modp1024
> type=tunnel
> phase2=esp
> phase2alg=3des-sha1;modp1024
> modecfgdns1=10.11.1.1
> auto=add
>
> It works really fine until only one remote pc is connected.
> As soon as another user try to connect, the server close the old
> tunnel and create the new one.
> I.e. only one user a time can connect through the vpn.
> Any suggestion?
>
>
> # uname -a
> Linux alixg 3.8.2 #3 Mon Mar 4 09:32:22 CET 2013 i586 Geode(TM)
> Integrated Processor by AMD PCS AuthenticAMD GNU/Linux
>
> # ipsec --version
> Linux Openswan U2.6.38/K3.8.2 (netkey)
>
>
> Thanks for your time
> Renzo
>
>
> _______________________________________________
> Users at lists.openswan.org <mailto:Users at lists.openswan.org>
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments:
> https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130920/e09e5d78/attachment.html>
More information about the Users
mailing list