[strongSwan] Multiple vpn clients behind NAT support
Martin Willi
martin at strongswan.org
Thu Jul 2 13:35:48 CEST 2015
Hi,
> From behind NAT only one client is able to connect at a time. If one remote
> access vpn in up second vpn connection is failed connect.
The Windows L2TP/IPsec client uses transport mode to secure L2TP. A
gateway can't distinguish two clients behind the same NAT without some
tricks, as they both have the same external IP address.
Given that Windows 7 supports IKEv2 and real IPsec, I highly recommend
to consider switching to that superior protocol [1].
If that is not an option for you, you might have a look at the connmark
plugin [2], which allows you to use Conntrack and Netfilter marks to
bind connections to specific SAs. This is all not that trivial, though.
Regards
Martin
[1]https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
[2]https://wiki.strongswan.org/projects/strongswan/wiki/Connmark
More information about the Users
mailing list