[strongSwan] problem with identical local peers addresses of two clients

Hendl Stephan stephan.hendl at landtag.brandenburg.de
Fri Jan 18 07:39:59 CET 2019


Hi Tobias,

we are using radius authentication with user certificates. 

        rightauth=eap-radius
        rightgroups="VPN_Verw"

"VPN_Verw" is the Radius Class-Attribut.

Regards,
Stephan

-----Ursprüngliche Nachricht-----
Von: Tobias Brunner <tobias at strongswan.org> 
Gesendet: Donnerstag, 17. Januar 2019 15:26
An: Hendl Stephan <stephan.hendl at landtag.brandenburg.de>; 'users at lists.strongswan.org' <users at lists.strongswan.org>
Betreff: Re: [strongSwan] problem with identical local peers addresses of two clients

Hi Stephan,

> we’ve two windows 10 clients which got the identical IP-address from
> their dsl router at home. Now they are fighting against each other in
> catching the vpn tunnel. Is there a way to fix that beside reconfiguring
> the home router?

What type of authentication are you using?  It seems the SAs are deleted
based on the IKE identity (which apparently is the private IP address
here).  Using a different authentication method might force Windows to
use the actual identity of the user/certificate and not the IP address.

Regards,
Tobias


More information about the Users mailing list