[Openswan Users] Roadwarriors allow only one user a time
Leto
letoams at gmail.com
Fri Sep 20 15:01:36 UTC 2013
Openswan does not support XAUTH for pools of road warriors. Use libreswan or strongswan for that.
You can try workarounds like uniqueids=no, but in the end you really need a DHCP pool for your IPsec server, which openswan does not have.
sent from a tiny device
On 2013-09-20, at 9:27, Renzo <reda at logobject.ch> wrote:
> Hi,
> No, there is no overlap, and it is a pure IPsec connection.
> I've tested with 3 different computers; all of them are able to connect correctly, but not in parallel: as soon as the new one is connected the old one is
>
> Thanks
> Renzo
>
>
> On 20.09.2013 00:20, Paul Young wrote:
>> Hi,
>>
>> Are there overlapping IP assignments from behind different and the same NAT routers?
>>
>> As Netkey does not support that in the same way that KLIPS does.
>>
>> Also is this pure ipsec connection or is l2tp\ppp involved at all?
>>
>> Sorry that does not directly answer your question.
>>
>> I am pretty new to all of this myself
>>
>>
>> On 19 September 2013 22:24, Renzo <reda at logobject.ch> wrote:
>>> Hi,
>>> We are trying to configure a roadwarriors VPN; here is the configuration we have:
>>>
>>>
>>>
>>>
>>> version 2.0 # conforms to second version of ipsec.conf specification
>>> config setup
>>>     nat_traversal=yes
>>>     virtual_private=%v4:10.0.0.0/8,%v4:!10.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
>>>     oe=off
>>>     protostack=netkey
>>>     uniqueids=no
>>> # roadwarrior
>>> conn roadwarriors
>>>     authby=secret
>>>     left=%defaultroute
>>>     leftid=ourExternaIp
>>>     leftsubnet=0.0.0.0/0
>>>     leftxauthserver=yes
>>>     right=%any
>>>     rightid=%any
>>>     rightsubnet=10.11.4.0/24
>>>     rightxauthclient=yes
>>>     dpddelay=30
>>>     dpdtimeout=120
>>>     dpdaction=clear
>>>     rekey=no
>>>     ikelifetime=3h
>>>     salifetime=3h
>>>     aggrmode=no
>>>     ike=3des-sha1;modp1024
>>>     type=tunnel
>>>     phase2=esp
>>>     phase2alg=3des-sha1;modp1024
>>>     modecfgdns1=10.11.1.1
>>>     auto=add
>>>
>>> It works fine as long as only one remote PC is connected.
>>> As soon as another user tries to connect, the server closes the old tunnel and creates the new one.
>>> I.e. only one user at a time can connect through the VPN.
>>> Any suggestions?
>>>
>>>
>>> # uname -a
>>> Linux alixg 3.8.2 #3 Mon Mar 4 09:32:22 CET 2013 i586 Geode(TM) Integrated Processor by AMD PCS AuthenticAMD GNU/Linux
>>>
>>> # ipsec --version
>>> Linux Openswan U2.6.38/K3.8.2 (netkey)
>>>
>>>
>>> Thanks for your time
>>> Renzo
>>>
>>>
>>> _______________________________________________
>>> Users at lists.openswan.org
>>> https://lists.openswan.org/mailman/listinfo/users
>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
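
The reply's suggestion, as an added example (not from the thread or from either project): a libreswan `conn` for the same roadwarrior setup that leases each XAUTH client its own address with `rightaddresspool=` instead of giving every client the shared `rightsubnet=10.11.4.0/24`. The pool range is a constructed value; the other settings are copied from the posted configuration, with `config setup` and the crypto and lifetime lines left out.

```conf
# Added example for libreswan; not part of the original thread.
conn roadwarriors
    authby=secret
    left=%defaultroute
    # Placeholder exactly as posted in the thread
    leftid=ourExternaIp
    leftsubnet=0.0.0.0/0
    # Server side of XAUTH and of Mode Config (address/DNS push)
    leftxauthserver=yes
    leftmodecfgserver=yes
    right=%any
    rightid=%any
    rightxauthclient=yes
    rightmodecfgclient=yes
    # Replaces rightsubnet=10.11.4.0/24: every client is leased one
    # address from this range (constructed), so concurrent clients no
    # longer ask for the same remote subnet.
    rightaddresspool=10.11.4.10-10.11.4.250
    # Client requests its address and DNS after XAUTH completes
    modecfgpull=yes
    modecfgdns1=10.11.1.1
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=no
    auto=add
```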