[Openswan Users] Roadwarriors allow only one user a time
Renzo
reda at logobject.ch
Mon Sep 23 06:30:01 UTC 2013
Hi Paul,
Thanks for the hint, I'll have a look.
Just a question, are you using KLIPS or NETKEY?
Thanks
Renzo
On 21.09.2013 06:06, Paul Young wrote:
> Ok,
>
> Well, in my case I basically followed Jacco's tutorial and am using
> xl2tpd and ppp and it works quite well.
>
> One of the few things with Openswan that I actually got working...........
>
> Sorry I could not help you more.
>
> Paul
>
>
> On 20 September 2013 23:27, Renzo <reda at logobject.ch> wrote:
>
> Hi,
> No, there is no overlapping and it is a pure IPsec connection.
> I've tested with 3 different computers; all of them are able to
> connect correctly, but not in parallel: as soon as the new one is
> connected the old one is
>
> Thanks
> Renzo
>
>
>
> On 20.09.2013 00:20, Paul Young wrote:
>> Hi,
>>
>> Are there overlapping IP assignments from behind different and
>> the same NAT routers?
>>
>> As Netkey does not support that in the same way that KLIPS does.
>>
>> Also is this pure ipsec connection or is l2tp\ppp involved at all?
>>
>> Sorry that does not directly answer your question.
>>
>> I am pretty new to all of this myself
>>
>>
>> On 19 September 2013 22:24, Renzo <reda at logobject.ch> wrote:
>>
>> Hi,
>> We are trying to configure a roadwarrior VPN; here is the
>> configuration we have:
>>
>> version 2.0 # conforms to second version of ipsec.conf specification
>> config setup
>>     nat_traversal=yes
>>     virtual_private=%v4:10.0.0.0/8,%v4:!10.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
>>     oe=off
>>     protostack=netkey
>>     uniqueids=no
>> # roadwarrior
>> conn roadwarriors
>>     authby=secret
>>     left=%defaultroute
>>     leftid=ourExternaIp
>>     leftsubnet=0.0.0.0/0
>>     leftxauthserver=yes
>>     right=%any
>>     rightid=%any
>>     rightsubnet=10.11.4.0/24
>>     rightxauthclient=yes
>>     dpddelay=30
>>     dpdtimeout=120
>>     dpdaction=clear
>>     rekey=no
>>     ikelifetime=3h
>>     salifetime=3h
>>     aggrmode=no
>>     ike=3des-sha1;modp1024
>>     type=tunnel
>>     phase2=esp
>>     phase2alg=3des-sha1;modp1024
>>     modecfgdns1=10.11.1.1
>>     auto=add
>>
>> It works really fine as long as only one remote PC is connected.
>> As soon as another user tries to connect, the server closes the
>> old tunnel and creates the new one.
>> I.e. only one user at a time can connect through the VPN.
>> Any suggestions?
>>
>>
>> # uname -a
>> Linux alixg 3.8.2 #3 Mon Mar 4 09:32:22 CET 2013 i586 Geode(TM) Integrated Processor by AMD PCS AuthenticAMD GNU/Linux
>>
>> # ipsec --version
>> Linux Openswan U2.6.38/K3.8.2 (netkey)
>>
>>
>> Thanks for your time
>> Renzo
>
>
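
An added example, not part of the original thread and not Openswan code: a small Python check that parses an ipsec.conf and reports, for conns with right=%any, a fixed rightsubnet offered to every peer, a pre-shared key, and legacy algorithms. The sample input is constructed from options in the posted conn, the LEGACY list is this example's own choice, and the thread does not establish that any of these findings is the cause of the reported behaviour.

```python
import re

# Constructed sample: options taken from the conn in the quoted message.
SAMPLE = """\
config setup
    protostack=netkey
conn roadwarriors
    authby=secret
    right=%any
    rightsubnet=10.11.4.0/24
    ike=3des-sha1;modp1024
    phase2alg=3des-sha1;modp1024
"""
# Algorithms treated as legacy by this example (assumption, not from the thread).
LEGACY = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}

def parse_ipsec_conf(text):
    """Return {"config setup": {...}, "conn NAME": {...}} from ipsec.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # simplification: '#' always starts a comment
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line opens a section
            words = line.split()
            is_section = len(words) == 2 and words[0] in ("config", "conn")
            current = sections.setdefault(" ".join(words), {}) if is_section else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(sections):
    """Return (conn, finding, detail) tuples for conns that accept any peer."""
    findings = []
    for name, opts in sections.items():
        if not name.startswith("conn ") or opts.get("right") != "%any":
            continue
        subnet = opts.get("rightsubnet", "")
        if subnet and not subnet.startswith("vhost:"):
            # Every peer matching right=%any is given the same remote selector.
            findings.append((name, "shared-rightsubnet", subnet))
        if opts.get("authby") == "secret":
            findings.append((name, "group-psk", "authby=secret with right=%any"))
        for key in ("ike", "phase2alg"):
            weak = sorted(LEGACY & set(re.split(r"[-;,]", opts.get(key, "").lower())))
            if weak:
                findings.append((name, "legacy-" + key, ",".join(weak)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ipsec_conf(SAMPLE)):
        print(*finding, sep=": ")
```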