The second client from the same NAT network could not connect to the server; I will check all the logs again tomorrow. First I want to configure everything via ipsec+xauth, but I will also use ipsec+l2tp.
January 3, 2021, 19:30:16, from "Paul Wouters" <[email protected]>:

On Sun, 3 Jan 2021, Валентин Росавицкий wrote:

> I am trying to configure ipsec with hwdsl2 scripts for ipsec+xauth.
> Immediately after installation everything
> works without problems but I need to connect multiple clients from the same
> NAT network and for this I
> specified in the configuration file the option mark=-1 (-1/0xffffffffff) and
> overlap=yes and this leads to the
> client being able to successfully connect to the server but nothing else
> works.

I thought that was no longer necessary? Recent versions should handle multiple clients behind the same NAT. Since every instance gets its own IP address, there is no need for overlapip= since you are not using transport mode.

The overlapip= option was in use for L2TP/IPsec in transport mode where clashing clients use the same pre-NAT IP address from behind different NAT routers.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
