[strongSwan] l2tp/ipsec - same private ip address behind two different peers

tuarego da silva tuarego at yahoo.com
Sat Jan 31 23:41:15 CET 2015 

Hi Noel,I tried =no and it seems to work... strange because I tried earlier and charon hanged up !!!I will try =never too.About two roadwarriors behind same NAT address, do you know if there is a solution ?Many thanks,Pedro. 

     On Saturday, January 31, 2015 10:12 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
   

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Tuarego,

Try uniqueids=never.


Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 31.01.2015 um 22:58 schrieb tuarego da silva:
> Hello all,
> We have been using Strongswan to allow our users (students and teachers) to establish vpn sessions to our school. We choose to use IPSec/L2TP due windows and mac native clients... A few months ago we discovered that Strongswan does not support multiple clients behind same NAT address and was a big issue for us because we have students residences where many students try to connect at same time.
> Now we discovered another issue that is, Strongswan does not allow that two users behind different NAT ip addresses but with same private ip address connect at same time.
> In charon log we see:
> Jan 31 17:51:22 16[IKE] deleting duplicate IKE_SA for peer '192.168.1.83' due to uniqueness policy
>
> So before trying another solution for VPN we would like to ask if anybody knows if there is way to configure Strongswan in order to use transport mode (L2TP) and bypass this difficulties.
> Best,
> Pedro.
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUzVM/AAoJEDg5KY9j7GZYx8EP+wSGH9dRoIMe1aECx5LKr0hP
Y4FulMZrLLHSfj96t+/WTH7obL6ovwfKjurLRgaeHu95scOrC6H3nzDTHq9texRj
tCrvvWNKboYRny+YekRx2lT7svfvxfIL1TwZ3dkD68zFNazQN/mHlXHmGK2mR+KM
F5Su8qv6wpioF8uT+KB2NVvJgT2XZ2KQWfRUwqRLkwoOfx/oKXuxEoGGYhbvyLPu
Nexs18n2Oy0IDoPR2oYP/2cadTjvU21S/Si5bJn1mzF/zqe4Jg/3RB8k3rsgVcxn
dyQTLAs8nnEc6/TAZVPjq24HLCF9IkRI8PJSGYtt3XSBw526dnsQJ8RfQLQ1xTEn
yGz6qaf2T1QxrDnzr3TdQyvhm388ZKlecIRO061LivECPFm+LQJEDZFfu5r9asW7
JsaWpgLUBu+eX3OSelyKzOQQakpg7Gqgbmu4MhxvgQmUwW+5Jue5MonSeaxcdfl9
izhmfzY58vW64YJfb2BJ/wRnPwuuv6B7TayqEsjQG9N0jqrRu8dC001WghK3ELgA
MuyHja/bm0Q1TFokyB4iw5No3+HuZHHUnShCM9vgXqWmTNG3XxBs1pnrQ0zxR9B+
StdEba8e6ycnKxnpkgoEsI/+neFxGd6vSr8pQ65jWXAVlZPDX1vICm4+e+ALWZpG
CZ0KO8+tCTlJN/kAgZko
=7xOo
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150131/c14fd7bf/attachment.html>

More information about the Users mailing list