> However, only one client machine at a time is capable of connecting to the
> VPN server.  I suspect this is due to the inability of the firewall to
> distinguish which internal (NATed) PC belongs to which external VPN
> connection.  Is this true?  Is there a way to fix this or another
> iptables module I need to find?

This is a problem inherent in IPsec: you need UDP port 500 and ESP
packets. If one client connects to a server through a NAT box, the NAT box
will route ESP packets to that client. If a second client comes along and
connects to the same server, the NAT box has no way to find out whether an
ESP packet coming from the server is destined for the first or the second
client and will send all of them to the first client.

The solution is to use NAT Traversal. We use SSH Sentinel with FreeS/WAN. On
both sides, we activate NAT Traversal, which allows us to use multiple
connections from behind the same gateway.

I have no idea if NAT Traversal is available for your setup.

Regards
Alex
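The demultiplexing problem Alex describes, modelled in code as an added example (this is not code from the thread, from FreeS/WAN or from SSH Sentinel). ESP (IP protocol 50) carries an SPI but no port numbers, and the SPI the server uses towards a client is agreed inside the encrypted IKE exchange, so a port-translating NAT never sees anything in the inbound packet it can bind to a particular inside host. With NAT Traversal, ESP is encapsulated in UDP (port 4500 in RFC 3948), so the NAT can allocate one public source port per client and route replies by destination port, exactly like any other UDP flow. The addresses, SPIs and port numbers below are made up, and the NAT is a deliberately simplified model of a stateful port-translating gateway, not any particular firewall:

```python
"""Toy model of a port-translating NAT forwarding IPsec for two inside clients.

Added example, not code from the original mailing-list thread or from the
products it mentions. Addresses, SPIs and ports are constructed; the NAT is a
simplified stateful port-NAT, not a model of any specific firewall.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

ESP = 50          # IP protocol 50: the ESP header carries an SPI but no ports
UDP = 17
NATT_PORT = 4500  # UDP port for ESP-in-UDP once NAT Traversal has been negotiated


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None   # None for plain ESP
    dport: Optional[int] = None   # None for plain ESP
    spi: int = 0                  # ESP SPI (also inside an ESP-in-UDP packet)


@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000
    # UDP bindings, both directions:
    #   (client, client_port, server, server_port) -> public_port
    #   (server, server_port, public_port)         -> (client, client_port)
    udp_out: Dict[Tuple[str, int, str, int], int] = field(default_factory=dict)
    udp_in: Dict[Tuple[str, int, int], Tuple[str, int]] = field(default_factory=dict)
    # ESP "bindings": server -> one inside client. There is nothing else to key on.
    esp: Dict[str, str] = field(default_factory=dict)

    def outbound(self, p: Packet) -> Packet:
        """Translate a client->server packet and remember the binding."""
        if p.proto == ESP:
            # Once the source address is rewritten, all the NAT can remember is
            # "some inside host talks ESP to p.dst". Whether the first or the
            # last client wins is implementation dependent; this model keeps
            # the first, which is the behaviour described in the message above.
            self.esp.setdefault(p.dst, p.src)
            return Packet(ESP, self.public_ip, p.dst, spi=p.spi)
        assert p.proto == UDP and p.sport is not None and p.dport is not None
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.udp_out:
            pub_port = self.next_port
            self.next_port += 1
            self.udp_out[key] = pub_port
            self.udp_in[(p.dst, p.dport, pub_port)] = (p.src, p.sport)
        return Packet(UDP, self.public_ip, p.dst, self.udp_out[key], p.dport, p.spi)

    def inbound(self, p: Packet) -> Optional[str]:
        """Return the inside address a server->gateway packet is delivered to."""
        if p.proto == ESP:
            # The SPI in a server->client packet was chosen by the server and
            # carried inside the encrypted IKE negotiation, so the NAT has never
            # seen it outbound and cannot use it to pick a client.
            return self.esp.get(p.src)
        assert p.dport is not None and p.sport is not None
        binding = self.udp_in.get((p.src, p.sport, p.dport))
        return binding[0] if binding else None


def simulate(nat_traversal: bool) -> Dict[str, Optional[str]]:
    """Two inside clients build IPsec SAs to the same server through one NAT.

    Returns, per client, which inside host the server's reply ESP packet for
    that client's SA actually reaches.
    """
    nat = Nat("203.0.113.1")
    server = "198.51.100.10"
    # Constructed SAs: (SPI the client sends with, SPI the server sends with).
    sas = {"10.0.0.11": (0x1001, 0xA001), "10.0.0.12": (0x2002, 0xB002)}
    delivered: Dict[str, Optional[str]] = {}
    for client, (out_spi, in_spi) in sas.items():
        if nat_traversal:
            sent = nat.outbound(Packet(UDP, client, server, NATT_PORT, NATT_PORT, out_spi))
            # The server answers to whatever public port the packet arrived from.
            reply = Packet(UDP, server, nat.public_ip, NATT_PORT, sent.sport, in_spi)
        else:
            nat.outbound(Packet(ESP, client, server, spi=out_spi))
            reply = Packet(ESP, server, nat.public_ip, spi=in_spi)
        delivered[client] = nat.inbound(reply)
    return delivered


if __name__ == "__main__":
    print("plain ESP:", simulate(nat_traversal=False))  # second client's traffic lands on the first
    print("NAT-T    :", simulate(nat_traversal=True))   # each client gets its own packets
```

Without NAT-T the model delivers both servers' reply SAs to 10.0.0.11; with NAT-T each client is reached through its own public port. The practical check on a real gateway is the same: both peers must negotiate UDP encapsulation, and the firewall must pass UDP 4500 in addition to UDP 500, otherwise the clients silently fall back to the one-tunnel-per-NAT situation above.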



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html