On Wed, 11 Apr 2018, Mircea Troaca wrote:
libreswan + xl2tpd + a freeradius server. The problem occurs when two clients
from different networks with the same network (192.168.0.x) try to access the
Client A: 192.168.0.101
-> he is the first who connects and it is successful.
Client B: 192.168.0.101 (from different network, different location, using a
router that gives 192.168.0.x)
-> Virtual IP 192.168.0.101/32 overlaps with connection "L2TP-PSK-NAT"
xxx.xxx.xxx.xxx (kind=CK_INSTANCE) 'xxx.xxx.xxx.xxx'
-> Kernel method 'netkey' does not support overlapping IP ranges
This should work, if you use marking to make each IPsec SA unique.
Try adding this to your connection:
and the tunnel is not established...
here is my config of ipsec.conf
and here is the config of l2tp-psk.conf
# Use a Preshared Key. Disable Perfect Forward Secrecy.
# we cannot rekey for %any, let client rekey
# Apple iOS doesn't send delete notify so we need dead peer detection
# to detect vanishing clients
# Set ikelifetime and keylife to same defaults windows has
# l2tp-over-ipsec is transport mode
# left will be filled in automatically with the local address of the
# default-route interface (as determined at IPsec startup time).
# For updated Windows 2000/XP clients,
# to support old clients as well, use leftprotoport=17/%any
# The remote user.
# Using the magic port of "%any" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
# high port.
Thank you in advance!