On 04/05, Michael Lam wrote:
Are you able to have 2 clients connected at the same time? When I tried
that (I am using mschap) whenever the 2nd client connects the 1st one's
traffic will not go through anymore (it stays connected but no traffic
can go through).

I've noticed that, if my 2 ikedv2 clients are on the same network using NAT and private IPs, instead of having their own public IPs, they kick each other off when either of them connects to my remote ikedv2 server. At least last time I tried, on OpenBSD 6.3 I think. Both clients and server are running OpenBSD.

Searching the interwebs led me to think maybe IPSEC and NAT-T don't support that scenario... the flows say to send all the packets to the NATted network's public IP, but maybe the NATted network router doesn't know where to send it to after that, or rather, only can handle one such connection at a time, so, whenever a new one is started, the old one gets stomped.

Anyhoo, I don't know what I'm talking about, my usage of OpenBSD has only helped me get from complete ignorance of this stuff to slightly less ignorant, so, take all this with a grain of salt. :)
