[Openswan Users] Roadwarriors allow only one user a time

Paul Young paul at arkig.com
Mon Sep 23 06:38:24 UTC 2013


Hi Renzo,

We are using Netkey - which of course has some drawbacks if more than one
road warrior tries to come in from the same subnet range and it does not
support SAref.

Paul


On 23 September 2013 16:30, Renzo <reda at logobject.ch> wrote:

>  Hi Paul,
> Thanks for the hint, I'll have a look.
> Just a question, are you using KLIPS or NETKEY?
>
> Thanks
> Renzo
>
>
> On 21.09.2013 06:06, Paul Young wrote:
>
> Ok,
>
>  Well in my case I basically followed Jacco's tutorial and am using xl2tpd
> and ppp and it works quite well.
>
>  One of the few things with Openswan that I actually got
> working...........
>
>  Sorry I could not help you more.
>
>  Paul
>
>
> On 20 September 2013 23:27, Renzo <reda at logobject.ch> wrote:
>
>>  Hi,
>> no, there is no overlapping and it is a pure ipsec connection.
>> I've tested with 3 different computers; all of them are able to connect
>> correctly but not in parallel: as soon as the new one is connected the old
>> one is
>>
>> Thanks
>> Renzo
>>
>>
>>
>> On 20.09.2013 00:20, Paul Young wrote:
>>
>>  Hi,
>>
>>  Are there overlapping IP assignments from behind different and the same
>> NAT routers?
>>
>>  As Netkey does not support that in the same way that KLIPS does.
>>
>>  Also is this pure ipsec connection or is l2tp\ppp involved at all?
>>
>>  Sorry that does not directly answer your question.
>>
>>  I am pretty new to all of this myself
>>
>>
>> On 19 September 2013 22:24, Renzo <reda at logobject.ch> wrote:
>>
>>> Hi,
>>> We are trying to configure a roadwarriors vpn; here is the configuration
>>> we have:
>>>
>>>
>>>
>>>
>>> version 2.0     # conforms to second version of ipsec.conf specification
>>> config setup
>>>         nat_traversal=yes
>>>         virtual_private=%v4:10.0.0.0/8,%v4:!10.11.0.0/16,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
>>>         oe=off
>>>         protostack=netkey
>>>         uniqueids=no
>>> # roadwarrior
>>> conn roadwarriors
>>>      authby=secret
>>>      left=%defaultroute
>>>      leftid=ourExternaIp
>>>      leftsubnet=0.0.0.0/0
>>>      leftxauthserver=yes
>>>      right=%any
>>>      rightid=%any
>>>      rightsubnet=10.11.4.0/24
>>>      rightxauthclient=yes
>>>      dpddelay=30
>>>      dpdtimeout=120
>>>      dpdaction=clear
>>>      rekey=no
>>>      ikelifetime=3h
>>>      salifetime=3h
>>>      aggrmode=no
>>>      ike=3des-sha1;modp1024
>>>      type=tunnel
>>>      phase2=esp
>>>      phase2alg=3des-sha1;modp1024
>>>      modecfgdns1=10.11.1.1
>>>      auto=add
>>>
>>> It works really fine as long as only one remote PC is connected.
>>> As soon as another user tries to connect, the server closes the old tunnel
>>> and creates the new one.
>>> I.e. only one user at a time can connect through the vpn.
>>> Any suggestions?
>>>
>>>
>>> # uname -a
>>> Linux alixg 3.8.2 #3 Mon Mar 4 09:32:22 CET 2013 i586 Geode(TM)
>>> Integrated Processor by AMD PCS AuthenticAMD GNU/Linux
>>>
>>> # ipsec --version
>>> Linux Openswan U2.6.38/K3.8.2 (netkey)
>>>
>>>
>>> Thanks for your time
>>> Renzo
>>>
>>>
>>
>>
>>
>
>
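
Paul's point about Netkey and road warriors arriving with the same subnet range, applied to the configuration quoted in this thread, as an added example (not code from the thread or from Openswan). It assumes Netkey keeps one policy per client subnet, so a `right=%any` conn with a fixed `rightsubnet` gives every client the same one; the function names, peer addresses and the trimmed sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: selected lines of the configuration quoted in the thread.
SAMPLE_CONF = """\
config setup
        protostack=netkey
        uniqueids=no
conn roadwarriors
     left=%defaultroute
     leftsubnet=0.0.0.0/0
     right=%any
     rightsubnet=10.11.4.0/24
     auto=add
"""

def parse_ipsec_conf(text):
    """Return {"config setup": {...}, "conn NAME": {...}} from ipsec.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line opens a section
            words = line.split()
            is_section = len(words) == 2 and words[0] in ("config", "conn")
            current = sections.setdefault(" ".join(words), {}) if is_section else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def fixed_selector_roadwarriors(sections):
    """List (conn, subnet) where right=%any clients all present one fixed subnet on netkey."""
    if sections.get("config setup", {}).get("protostack") != "netkey":
        return []
    found = []
    for name, opts in sections.items():
        subnet = opts.get("rightsubnet", "")
        if (name.startswith("conn ") and opts.get("right") == "%any"
                and subnet and not subnet.startswith(("vhost:", "vnet:"))):
            found.append((name[5:], str(ipaddress.ip_network(subnet, strict=False))))
    return found

def evicted_peers(arrivals):
    """Simplified model (assumption): one policy slot per client subnet, newest peer wins."""
    slot, evicted = {}, []
    for peer, subnet in arrivals:
        if subnet in slot:
            evicted.append(slot[subnet])
        slot[subnet] = peer
    return evicted
```
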