Re: Problems with vpn roadwarriors using the same public ip

2007-05-08 Thread Heinrich Rebehn

carlopmart wrote:
> Matthias Bertschy wrote:
>> carlopmart wrote:
>>> Hi all,
>>>
>>> I have a very strange problem. I am using OpenBSD 4.1 with an
>>> isakmpd config (isakmpd.conf and isakmpd.policy) to establish VPN
>>> connections for my roadwarrior clients.
>>>
>>> When two roadwarrior clients use the same public IP, only one
>>> client can connect; the other cannot. The roadwarriors use the
>>> greenbow client.
>>>
>>> Does somebody know how I can fix this???
>>>
>>> Many thanks.
>>
>> Hello,
>>
>> I have the same problem with racoon on Linux 2.6: when a second
>> client connects to IPSEC through NAT, the first one loses his
>> connection.
>> I don't know if it is related to IPSEC, or a bug in both isakmpd and
>> racoon; but I haven't found a fix yet.
>>
>> Matthias Bertschy
>
> I think that I found a solution. I have put Share-SADB = Define in the
> General config in isakmpd.conf, and it seems that it now works ... But
> is this OK? Does somebody know if using this option can produce a
> security hole?? I believe that sharing SAs between clients could not
> be a good solution.
>
> Thanks.

Where did you get this Share-SADB = Define from? I have not found it
in the manpage.

--Heinrich



Re: Problems with vpn roadwarriors using the same public ip

2007-05-08 Thread carlopmart

Heinrich Rebehn wrote:
> carlopmart wrote:
>> Matthias Bertschy wrote:
>>> carlopmart wrote:
>>>> Hi all,
>>>>
>>>> I have a very strange problem. I am using OpenBSD 4.1 with an
>>>> isakmpd config (isakmpd.conf and isakmpd.policy) to establish VPN
>>>> connections for my roadwarrior clients.
>>>>
>>>> When two roadwarrior clients use the same public IP, only one
>>>> client can connect; the other cannot. The roadwarriors use the
>>>> greenbow client.
>>>>
>>>> Does somebody know how I can fix this???
>>>>
>>>> Many thanks.
>>>
>>> Hello,
>>>
>>> I have the same problem with racoon on Linux 2.6: when a second
>>> client connects to IPSEC through NAT, the first one loses his
>>> connection.
>>> I don't know if it is related to IPSEC, or a bug in both isakmpd
>>> and racoon; but I haven't found a fix yet.
>>>
>>> Matthias Bertschy
>>
>> I think that I found a solution. I have put Share-SADB = Define in
>> the General config in isakmpd.conf, and it seems that it now works
>> ... But is this OK? Does somebody know if using this option can
>> produce a security hole?? I believe that sharing SAs between clients
>> could not be a good solution.
>>
>> Thanks.
>
> Where did you get this Share-SADB = Define from? I have not found it
> in the manpage.
>
> --Heinrich

Sorry, I would like to say Shared-SADB ...



--
CL Martinez
carlopmart {at} gmail {d0t} com



Re: Problems with vpn roadwarriors using the same public ip

2007-05-08 Thread Heinrich Rebehn

carlopmart wrote:
> Heinrich Rebehn wrote:
>> carlopmart wrote:
>>> Matthias Bertschy wrote:
>>>> carlopmart wrote:
>>>>> Hi all,
>>>>>
>>>>> I have a very strange problem. I am using OpenBSD 4.1 with an
>>>>> isakmpd config (isakmpd.conf and isakmpd.policy) to establish
>>>>> VPN connections for my roadwarrior clients.
>>>>>
>>>>> When two roadwarrior clients use the same public IP, only one
>>>>> client can connect; the other cannot. The roadwarriors use the
>>>>> greenbow client.
>>>>>
>>>>> Does somebody know how I can fix this???
>>>>>
>>>>> Many thanks.
>>>>
>>>> Hello,
>>>>
>>>> I have the same problem with racoon on Linux 2.6: when a second
>>>> client connects to IPSEC through NAT, the first one loses his
>>>> connection.
>>>> I don't know if it is related to IPSEC, or a bug in both isakmpd
>>>> and racoon; but I haven't found a fix yet.
>>>>
>>>> Matthias Bertschy
>>>
>>> I think that I found a solution. I have put Share-SADB = Define in
>>> the General config in isakmpd.conf, and it seems that it now works
>>> ... But is this OK? Does somebody know if using this option can
>>> produce a security hole?? I believe that sharing SAs between
>>> clients could not be a good solution.
>>>
>>> Thanks.
>>
>> Where did you get this Share-SADB = Define from? I have not found it
>> in the manpage.
>>
>> --Heinrich
>
> Sorry, I would like to say Shared-SADB ...

Yes, I see it in src/sys/sbin/isakmpd/pf_key_v2.c, but where is it
documented? What exactly does it do?

I am asking because I have a similar problem: 2 peers behind a NAT
firewall connecting to an outside IPSec Gateway, one sometimes throwing
out the other one.

--Heinrich



Problems with vpn roadwarriors using the same public ip

2007-05-04 Thread carlopmart

Hi all,

I have a very strange problem. I am using OpenBSD 4.1 with an isakmpd
config (isakmpd.conf and isakmpd.policy) to establish VPN connections
for my roadwarrior clients.

When two roadwarrior clients use the same public IP, only one client
can connect; the other cannot. The roadwarriors use the greenbow client.

Does somebody know how I can fix this???

Many thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com



Re: Problems with vpn roadwarriors using the same public ip

2007-05-04 Thread Matthias Bertschy

carlopmart wrote:
> Hi all,
>
> I have a very strange problem. I am using OpenBSD 4.1 with an isakmpd
> config (isakmpd.conf and isakmpd.policy) to establish VPN connections
> for my roadwarrior clients.
>
> When two roadwarrior clients use the same public IP, only one client
> can connect; the other cannot. The roadwarriors use the greenbow
> client.
>
> Does somebody know how I can fix this???
>
> Many thanks.

Hello,

I have the same problem with racoon on Linux 2.6: when a second client
connects to IPSEC through NAT, the first one loses his connection.
I don't know if it is related to IPSEC, or a bug in both isakmpd and
racoon; but I haven't found a fix yet.

Matthias Bertschy



Re: Problems with vpn roadwarriors using the same public ip

2007-05-04 Thread carlopmart

Matthias Bertschy wrote:
> carlopmart wrote:
>> Hi all,
>>
>> I have a very strange problem. I am using OpenBSD 4.1 with an
>> isakmpd config (isakmpd.conf and isakmpd.policy) to establish VPN
>> connections for my roadwarrior clients.
>>
>> When two roadwarrior clients use the same public IP, only one client
>> can connect; the other cannot. The roadwarriors use the greenbow
>> client.
>>
>> Does somebody know how I can fix this???
>>
>> Many thanks.
>
> Hello,
>
> I have the same problem with racoon on Linux 2.6: when a second client
> connects to IPSEC through NAT, the first one loses his connection.
> I don't know if it is related to IPSEC, or a bug in both isakmpd and
> racoon; but I haven't found a fix yet.
>
> Matthias Bertschy

I think that I found a solution. I have put Share-SADB = Define in the
General config in isakmpd.conf, and it seems that it now works ... But
is this OK? Does somebody know if using this option can produce a
security hole?? I believe that sharing SAs between clients could not be
a good solution.

Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com