Hi, I don't have GRE and all clients are iOS devices on the same policy. The symptom is that when the 2nd client connects, the IPSec flow that is shown via ipsecctl -sa indicates that the 2nd flow, due to the fact that it is assigned an IP address in the same subnet as the first one (due to the config-address directive in iked.conf), overrides the flow control of the first client.
I will try again using certificates to see if it works and if time permits but I doubt the behaviour will be different than using mschap.

Rgds,
Michael

> On 5 Apr 2019, at 10:05 PM, Matthew Ernisse <m...@going-flying.com> wrote:
>
> On Fri, Apr 05, 2019 at 01:45:19PM +0000, Michael Lam said unto me:
>>
>> Are you able to have 2 clients connected at the same time? When I tried
>> that (I am using mschap) whenever the 2nd client connects the 1st one's
>> traffic will not go through anymore (it stays connected but no traffic
>> can go through).
>
> Yes. In general I have 3 static site-to-site tunnels with specific
> flows (running GRE on top), and then typically 1 but have had 3 simultaneous
> connections hitting the roadwarrior policy. All of the tunnels are
> using rsa certificate authentication with FQDN ids.
>
> --Matt
>
> --
> Matthew Ernisse
> m...@going-flying.com
> http://www.going-flying.com/