[strongSwan] Multiple vpn clients behind NAT support
martin at strongswan.org
Thu Jul 2 13:35:48 CEST 2015
> From behind NAT only one client is able to connect at a time. If one remote
> access VPN is up, the second VPN connection fails to connect.
The Windows L2TP/IPsec client uses transport mode to secure L2TP. A
gateway can't distinguish two clients behind the same NAT without some
tricks, as they both have the same external IP address.
Given that Windows 7 supports IKEv2 and real IPsec, I highly recommend
to consider switching to that superior protocol.
If that is not an option for you, you might have a look at the connmark
plugin, which allows you to use Conntrack and Netfilter marks to
bind connections to specific SAs. This is all not that trivial, though.