On Tue, 31 Oct 2017, Hao Chen wrote:
I still cannot let 2 private clients behind NAT communicate with the public server simultaneously. Can you please help me?
Did you try the -1 mark that causes unique marks in the XFRM policy per client, with overlapip=yes set? It should need no custom iptables rules. That should work. If not, you should let us know what specific errors or problems you are seeing.

The reqids should then also automatically get generated and be unique per client. Setting them manually is almost never the right solution.

All of this only needs to happen on the server side. The client side needs no marking or anything odd, because it has no conflicts itself.

Paul

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
