On Sun, 3 Jan 2021, Валентин Росавицкий wrote:

I am trying to configure ipsec with hwdsl2 scripts for ipsec+xauth. Immediately
after installation everything works without problems, but I need to connect
multiple clients from the same NAT network, and for this I specified in the
configuration file the option mark=-1 (-1/0xffffffffff) and overlap=yes, and
this leads to the client being able to successfully connect to the server but
nothing else works.

I thought that was no longer necessary? Recent versions should handle
multiple clients behind the same NAT. Since every instance gets its own
IP address, there is no need for overlapip= since you are not using
transport mode. The overlapip= option was in use for L2TP/IPsec in
transport mode where clashing clients use the same pre-NAT IP address
from behind different NAT routers.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
