Re: Problems with vpn roadwarriors using the same public ip
carlopmart wrote: Matthias Bertschy wrote: carlopmart wrote: Hi all, I have a very strange problem. I am using an OpenBSD 4.1 with isakmpd config (isakmpd.conf and isakmpd.policy) to establish vpn connections for my roadwarriors clients. When two roadwarriors clients that use the same public ip, only one client can connect, the other no. Roadwarriors use the greenbow client. Somebody knows how can I fix this??? Many thanks. Hello, I have the same problem with racoon on Linux 2.6, when a second client connects to IPSEC thru NAT, the first one loses his connection. I don't know if it is related to IPSEC, or a bug in both isakmpd and racoon; but I haven't found a fix yet. Matthias Bertschy I think that I found a solution. I have put Share-SADB = Define on General config on isakmpd.conf, and seems that now works ... But, is this ok? somebody knows if using this option can produce a security hole?? I believe that share SAs between clients could not be a good solution Thanks. Where did you get this Share-SADB = Define from? I have not found it in the manpage --Heinrich
Re: Problems with vpn roadwarriors using the same public ip
Heinrich Rebehn wrote: carlopmart wrote: Matthias Bertschy wrote: carlopmart wrote: Hi all, I have a very strange problem. I am using an OpenBSD 4.1 with isakmpd config (isakmpd.conf and isakmpd.policy) to establish vpn connections for my roadwarriors clients. When two roadwarriors clients that use the same public ip, only one client can connect, the other no. Roadwarriors use the greenbow client. Somebody knows how can I fix this??? Many thanks. Hello, I have the same problem with racoon on Linux 2.6, when a second client connects to IPSEC thru NAT, the first one loses his connection. I don't know if it is related to IPSEC, or a bug in both isakmpd and racoon; but I haven't found a fix yet. Matthias Bertschy I think that I found a solution. I have put Share-SADB = Define on General config on isakmpd.conf, and seems that now works ... But, is this ok? somebody knows if using this option can produce a security hole?? I believe that share SAs between clients could not be a good solution Thanks. Where did you get this Share-SADB = Define from? I have not found it in the manpage --Heinrich Sorry I would like to say Shared-SADB ... -- CL Martinez carlopmart {at} gmail {d0t} com
Re: Problems with vpn roadwarriors using the same public ip
carlopmart wrote: Heinrich Rebehn wrote: carlopmart wrote: Matthias Bertschy wrote: carlopmart wrote: Hi all, I have a very strange problem. I am using an OpenBSD 4.1 with isakmpd config (isakmpd.conf and isakmpd.policy) to establish vpn connections for my roadwarriors clients. When two roadwarriors clients that use the same public ip, only one client can connect, the other no. Roadwarriors use the greenbow client. Somebody knows how can I fix this??? Many thanks. Hello, I have the same problem with racoon on Linux 2.6, when a second client connects to IPSEC thru NAT, the first one loses his connection. I don't know if it is related to IPSEC, or a bug in both isakmpd and racoon; but I haven't found a fix yet. Matthias Bertschy I think that I found a solution. I have put Share-SADB = Define on General config on isakmpd.conf, and seems that now works ... But, is this ok? somebody knows if using this option can produce a security hole?? I believe that share SAs between clients could not be a good solution Thanks. Where did you get this Share-SADB = Define from? I have not found it in the manpage --Heinrich Sorry I would like to say Shared-SADB ... Yes, i see it in src/sys/sbin/isakmpd/pf_key_v2.c, but where is it documented? What exactly does it do? I am asking because i have a similar problem: 2 peers behind a NAT firewall connecting to an outside IPSec Gateway, one sometimes throwing out the other one. --Heinrich
Problems with vpn roadwarriors using the same public ip
Hi all, I have a very strange problem. I am using an OpenBSD 4.1 with isakmpd config (isakmpd.conf and isakmpd.policy) to establish vpn connections for my roadwarriors clients. When two roadwarriors clients that use the same public ip, only one client can connect, the other no. Roadwarriors use the greenbow client. Somebody knows how can I fix this??? Many thanks. -- CL Martinez carlopmart {at} gmail {d0t} com
Re: Problems with vpn roadwarriors using the same public ip
carlopmart wrote: Hi all, I have a very strange problem. I am using an OpenBSD 4.1 with isakmpd config (isakmpd.conf and isakmpd.policy) to establish vpn connections for my roadwarriors clients. When two roadwarriors clients that use the same public ip, only one client can connect, the other no. Roadwarriors use the greenbow client. Somebody knows how can I fix this??? Many thanks. Hello, I have the same problem with racoon on Linux 2.6, when a second client connects to IPSEC thru NAT, the first one loses his connection. I don't know if it is related to IPSEC, or a bug in both isakmpd and racoon; but I haven't found a fix yet. Matthias Bertschy
Re: Problems with vpn roadwarriors using the same public ip
Matthias Bertschy wrote: carlopmart wrote: Hi all, I have a very strange problem. I am using an OpenBSD 4.1 with isakmpd config (isakmpd.conf and isakmpd.policy) to establish vpn connections for my roadwarriors clients. When two roadwarriors clients that use the same public ip, only one client can connect, the other no. Roadwarriors use the greenbow client. Somebody knows how can I fix this??? Many thanks. Hello, I have the same problem with racoon on Linux 2.6, when a second client connects to IPSEC thru NAT, the first one loses his connection. I don't know if it is related to IPSEC, or a bug in both isakmpd and racoon; but I haven't found a fix yet. Matthias Bertschy I think that I found a solution. I have put Share-SADB = Define on General config on isakmpd.conf, and seems that now works ... But, is this ok? somebody knows if using this option can produce a security hole?? I believe that share SAs between clients could not be a good solution Thanks. -- CL Martinez carlopmart {at} gmail {d0t} com