On Tue, 6 Dec 2016, Robert Szasz wrote:

I'll try it, but that would be a problem if I have to add the local address for any machine that wants to connect. I assume there is a way to work through NAT because it picked up nat-t and works for phase 1. I was hoping I had just missed a parameter in the ipsec.conf to get phase 2 working.

The NPPPD/IPSec combination does not need to know about the IP. Not knowing is the only way it can handle road-warrior types. The only issue, as the far-more-knowledgeable-than-I Stuart Henderson pointed out, is that you can have only one such Pre-Shared-Key for all these unknown peers.

Sorry, busy with other things yesterday. I will try and find the time to go through your configurations later today.

Did you try to use 3des and modp1024 in your ipsec.conf, because that is the only config some Windows clients will handle? Did you read this?

        https://support.microsoft.com/en-us/kb/325158

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer
