xelerance / xl2tpd

Official Xelerance fork of L2TPd
GNU General Public License v2.0

Multiple Users Behind the Same NAT #27

Closed brenoavm closed 1 year ago

brenoavm commented 11 years ago

Hi All,

I'm having some trouble while using xl2tpd 1.3.1 as a server and connecting two clients behind the same NAT network. When a user connects, the old user loses his traffic. Doing some research on the web, I found that xl2tpd is capable of handling that if using IPsec SAref. So I patched my kernel with files from Openswan. Everything seems to be OK, except that the problem still occurs.

When I start my xl2tpd, it says:

Jun 20 11:52:07 gateway xl2tpd[11417]: Enabling IPsec SAref processing for L2TP transport mode SAs
Jun 20 11:52:07 gateway xl2tpd[11417]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
Jun 20 11:52:07 gateway xl2tpd[11417]: Setting SAref IP_IPSEC_REFINFO number to 30
Jun 20 11:52:07 gateway xl2tpd[11417]: This binary does not support kernel L2TP.
Jun 20 11:52:07 gateway xl2tpd[11418]: xl2tpd version xl2tpd-1.3.1 started on gateway PID:11418
Jun 20 11:52:07 gateway xl2tpd[11418]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 20 11:52:07 gateway xl2tpd[11418]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 20 11:52:07 gateway xl2tpd[11418]: Inherited by Jeff McAdams, (C) 2002
Jun 20 11:52:07 gateway xl2tpd[11418]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Jun 20 11:52:07 gateway xl2tpd[11418]: Listening on IP address 10.128.6.200, port 1701

My kernel version is 3.2.41-2+deb7u2~bpo60+1.1 backported to Debian Squeeze.

Maybe someone on the list could give me an idea about what is messing everything up.

Best Regards,

xelerance commented 10 years ago

What exact version of Openswan are you using?

xelerance commented 10 years ago

If the users are truly behind the same NAT, and are therefore sitting on the exact same physical network, then you are assigning them the same IP address somehow. Please verify.

rider977 commented 10 years ago

Hi,

'assigning them the same IP address somehow. Please verify.' Same IP address? Could you please describe this in more detail? How could we configure the same IP address on different clients behind the same NAT?

Do you mean the current 'xl2tpd' release could support multiple clients behind the same NAT well? I also met the same issue on my VPN server.

Openswan IPsec U2.6.38/K2.6.36... xl2tpd-1.3.1

Best Wishes.

xelerance commented 10 years ago

Only two possible scenarios:

1- You have two machines at the same location, behind the same physical NAT, and you get kicked out: That means you are being given/asking the same IP by the PPP layer somehow. This is usually because you have set static IPs in the user CHAP authentication file and are trying to login as the same ID.

2- You have two machines at different locations, each behind their own NAT, and they have the same internal IP and you get kicked out. That means you are not using MAST mode, in Openswan, correctly.
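For scenario 1, the server-side check is to look at the PPP CHAP secrets file for the two things named above: the same login ID used by more than one peer, and a static IP pinned to more than one client. The lint below is an added example written for this thread, not code from xl2tpd or pppd; the file contents are a constructed sample in the chap-secrets layout (client, server, secret, IP addresses), and the file path is only a placeholder.

```python
"""Lint a pppd chap-secrets file for the PPP-layer collision described above:
the same ID logging in twice, or the same static IP handed to two clients."""
import shlex
from collections import defaultdict

# Constructed sample in chap-secrets layout: client server secret IP-addresses.
# '*' (or '-') in the address column means no fixed IP is assigned.
SAMPLE_CHAP_SECRETS = """\
# client   server  secret      IP addresses
"alice"    l2tpd   "s3cret"    10.99.0.10
"bob"      l2tpd   "hunter2"   10.99.0.10
"carol"    l2tpd   "pw"        *
"alice"    l2tpd   "other"     10.99.0.11
"""

def parse_chap_secrets(text):
    """Return (lineno, client, server, static_ips) per entry; secrets are dropped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)   # honours quotes, drops '#' comments
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: need at least client, server, secret")
        client, server = fields[0], fields[1]
        ips = [ip for ip in fields[3:] if ip not in ("*", "-")]
        entries.append((lineno, client, server, ips))
    return entries

def find_collisions(text):
    """Return human-readable findings; an empty list means no collision found."""
    by_id = defaultdict(list)    # (client, server) -> line numbers
    by_ip = defaultdict(set)     # static IP -> clients pinned to it
    for lineno, client, server, ips in parse_chap_secrets(text):
        by_id[(client, server)].append(lineno)
        for ip in ips:
            by_ip[ip].add(client)
    findings = []
    for (client, server), lines in by_id.items():
        if len(lines) > 1:
            findings.append(f"duplicate ID {client!r} for server {server!r} on lines {lines}")
    for ip, clients in by_ip.items():
        if len(clients) > 1:
            findings.append(f"static IP {ip} shared by clients {sorted(clients)}")
    return findings

if __name__ == "__main__":
    # Placeholder path; on a real server this would be /etc/ppp/chap-secrets
    for finding in find_collisions(SAMPLE_CHAP_SECRETS):
        print(finding)
```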

rider977 commented 10 years ago

Hi,

Scenario 1: I log in with different IDs and get separate PPP interfaces.
Scenario 2: My Openswan was using NETKEY instead of KLIPS.

Is there any roadmap to fix the known problem in a future release?

Best Wishes.

ffjia commented 10 years ago

Encountered the same issue lately; can this be fixed or worked around?

oooo1 commented 10 years ago

So, as I discovered, there are 2 aspects covering such an issue: overlapping IPs, and "some routers don't NAT correctly and assign different clients with source port the same port 500 on the public IP ... One way is to try to use different source ports: port 500 for client1, port 1500 for client2, port 1501 for client3." That is, ephemeral ports. As I know, openl2tp supports it. What about building it into xl2tpd?