[strongSwan] Multiple Windows 10 'Road Warriors'
Andreas Thiele
Andreas.Thiele at base-engineering.com
Tue Jun 11 15:20:05 CEST 2019
Hi,
I have several customers whom I want to grant access to different subnets. For these customers I create certificates. So basically many customers can connect and have access to their devices. If a certificate gets lost, I can create a new certificate and remove the old one from the allowed connections. This already works, but I have a problem:
If a customer is behind a router (FRITZ!BOX 7490 for my test - I guess a very typical situation), only one Windows 10 workstation can connect to the VPN. A second cannot connect even if a different certificate is used. When the first disconnects, the second has to wait for about 10 minutes, then it can connect. I am no expert, and just a few months ago I nearly didn't know anything about VPN and not much about network technology at all.
Here is my otherwise working configuration:
# ipsec.conf - strongSwan IPsec configuration file

config setup
    charondebug="ike 2, cfg 2, chd 2"

conn windows
    fragmentation=yes
    left=%any
    leftcert=nx03Cert.der
    leftid="C=DE, O=strongSwan, CN=xxxxxx.com"
    leftfirewall=yes
    leftauth=pubkey
    keyexchange=ikev2
    right=%any
    auto=add

# individual customers are added here.

conn baseMob
    # base engineering
    also=windows
    leftsubnet=10.2.255.0/24
    rightid="C=DE, O=strongSwan, CN=CLIENT_XXX"
    rightsourceip=10.3.255.0/28

include /var/lib/strongswan/ipsec.conf.inc
I am thankful for any help or hint on how to improve things.
Best Wishes
Andreas