[Openswan Users] Road Warriors with same source IP Address
info at paully.co.uk
Thu Jul 20 07:53:14 EDT 2017
On 14/07/17 13:50, Gaiseric Vandal wrote:
> Assuming the remote user's have private IP class C subnet behind their ISP router/modem/firewall/gateway. Assume each remote user has configured their PC with the same private IP address. The initial connections to the VPN server should come from the public IP on the remote users' routers. Are the remote computers linux or windows? Is the tunnel for user1 actually going down, or does user1 just get disconnected from corporate resources because the routing changes? I don't see how two VPN clients could have the same IP address any more than two LAN clients could.
I believe it the 'src' ip address (fakes shown) from this command...
$ ipsec look 2>/dev/null |grep 'dport'
src 192.168.0.65/32 dst 192.168.0.203/32 proto udp dport 1701
src 192.168.0.51/32 dst 192.168.0.203/32 proto udp dport 1701
src 126.96.36.1990/32 dst 192.168.0.203/32 proto udp dport 1701
src 188.8.131.529/32 dst 192.168.0.203/32 proto udp dport 1701
I shall ask them if they just get disconnected from the Remote Desktop Server or whether the VPN connection drops as well.
The remote computers are Apple Laptops on OSX running the built-in VPN connection software and 'Remote Desktop' app. They both also have to run a Terminal route command...
$ sudo route -n add 192.168.0.122 172.16.1.1
Yes, the 2 users are in the same house with the same Sky router (which has a dynamic IP address) and are both on the router assigned Class C subnet.
> If you are using openswan on the client in linux from the command line, I don't think you have an option to configure a virtual adapter (which would let the remote user have an IP address on the corporate LAN, therefore abstracting the remote user's real IP.) Openswan in linux does have gui front ends for the client, but those never worked for me. Instead I use shrewsoft as the linux gui vpn client, which may support virtual adapters.
> Are you using the strait IKE/IPSEC VPN or are you using LT2P+IPSEC?
They are using the built-in VPN connector found in Apple OSX.
Telephone: 07801 125705
Email: info at paully.co.uk
Paul Littlefield is environmentally responsible. Please consider the environment before printing this email. This email and any attachment is intended for the named addressee only, or person authorised to receive it on their behalf. The content should be treated as confidential and the recipient may not disclose this message or any attachment to anyone else without authorisation. If this transmission is received in error please notify the sender immediately and delete this message from your email system. All electronic transmissions to and from me are recorded and may be monitored. Finally, the recipient should check this email and any attachments for viruses. Paul Littlefield accepts no liability for any damage caused by any virus transmitted by this email.
Ubuntu 16.04.2 LTS (x86_64)
More information about the Users