philtreF opened a new issue, #10655: URL: https://github.com/apache/cloudstack/issues/10655
### The required feature described as a wish

Dear CloudStack community,

I was surprised to see that the current implementation of client-to-site VPN does not allow opening multiple client-to-site VPNs when computers share the same public IPs. I read #8566 and found that other people have the same experience.

Charon is aware of this NAT client situation, as per my logs:

```
Apr 2 20:27:35 r-4188-VM charon: 06[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 2 20:27:35 r-4188-VM charon: 06[IKE] **remote host is behind NAT**
Apr 2 20:27:35 r-4188-VM charon: 06[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 2 20:27:35 r-4188-VM charon: 06[NET] sending packet: from 182.234.27.275[500] to 36.35.10.124[57049] (372 bytes)
Apr 2 20:27:35 r-4188-VM charon: 12[NET] received packet: from 36.35.10.124[55814] to 182.234.27.275[4500] (76 bytes)
Apr 2 20:27:35 r-4188-VM charon: 12[ENC] parsed ID_PROT request 0 [ ID HASH ]
Apr 2 20:27:35 r-4188-VM charon: 12[CFG] looking for pre-shared key peer configs matching 182.234.27.275...36.35.10.124[192.168.1.93]
Apr 2 20:27:35 r-4188-VM charon: 12[CFG] selected peer config "L2TP-PSK"
Apr 2 20:27:35 r-4188-VM charon: 12[IKE] IKE_SA L2TP-PSK[150] established between 182.234.27.275[182.234.27.275]...36.35.10.124[**192.168.1.93**]
Apr 2 20:27:35 r-4188-VM charon: 12[ENC] generating ID_PROT response 0 [ ID HASH ]
[...]
Apr 2 20:27:35 r-4188-VM ipsec[6798]: 15[CFG] looking for pre-shared key peer configs matching 182.234.27.275...36.35.10.124[192.168.1.14]
Apr 2 20:27:35 r-4188-VM ipsec[6798]: 15[CFG] selected peer config "L2TP-PSK"
Apr 2 20:27:35 r-4188-VM ipsec[6798]: 15[IKE] IKE_SA L2TP-PSK[149] established between 182.234.27.275[182.234.27.275]...36.35.10.124[**192.168.1.14**]
```

But as described in #8566, only one client is able to log in at a time. The second one disconnects the first one...

https://docs.strongswan.org/docs/latest/plugins/connmark.html

strongSwan's input is to compile with the `--enable-connmark` flag.
I am researching to fix this myself and then to make a PR to make this available for the community. Are the system vm images closed source or can I find a repo somewhere to improve this behavior?

Fred
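To confirm from a virtual router's log that the situation reported above is occurring, the following added example (not part of the original issue and not CloudStack or strongSwan code) groups charon's `IKE_SA ... established` lines by connection and remote public IP and reports addresses behind which more than one distinct peer ID appeared. The function name, the sample log lines and the documentation-range addresses in them are constructed for illustration.

```python
import re
from collections import defaultdict

# charon's "IKE_SA <conn>[<n>] established between <local>[<id>]...<remote>[<id>]" line
ESTABLISHED = re.compile(
    r"IKE_SA (?P<conn>\S+?)\[(?P<sa>\d+)\] established between "
    r"(?P<local>[^\[\s]+)\[(?P<local_id>[^\]]+)\]\.\.\."
    r"(?P<remote>[^\[\s]+)\[(?P<remote_id>[^\]]+)\]"
)


def peers_sharing_public_ip(lines):
    """Map (connection, remote public IP) -> {peer ID: [IKE_SA numbers]}.

    Only entries with more than one distinct peer ID are returned, i.e.
    several clients reaching the same connection through one NAT address.
    """
    seen = defaultdict(lambda: defaultdict(list))
    for line in lines:
        # Logs pasted into an issue may carry markdown emphasis markers.
        m = ESTABLISHED.search(line.replace("*", ""))
        if m:
            seen[(m["conn"], m["remote"])][m["remote_id"]].append(int(m["sa"]))
    return {key: dict(ids) for key, ids in seen.items() if len(ids) > 1}


# Constructed sample lines in the same format as the log in the issue.
SAMPLE_LOG = [
    "Apr 2 20:27:35 vr charon: 15[IKE] IKE_SA L2TP-PSK[149] established between "
    "203.0.113.10[203.0.113.10]...198.51.100.24[192.168.1.14]",
    "Apr 2 20:27:35 vr charon: 06[IKE] remote host is behind NAT",
    "Apr 2 20:27:35 vr charon: 12[IKE] IKE_SA L2TP-PSK[150] established between "
    "203.0.113.10[203.0.113.10]...198.51.100.24[**192.168.1.93**]",
    # A client that is not behind a shared NAT address: must not be reported.
    "Apr 2 20:31:02 vr charon: 09[IKE] IKE_SA L2TP-PSK[151] established between "
    "203.0.113.10[203.0.113.10]...198.51.100.77[198.51.100.77]",
]

if __name__ == "__main__":
    for (conn, ip), ids in peers_sharing_public_ip(SAMPLE_LOG).items():
        print(f"{conn}: {len(ids)} peers behind {ip}: {sorted(ids)}")
```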
