-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello, Disable VPN forwarding, because your router can't distinguish between traffic for another IP, if the source IP and port is the same for both connections. e.g. A and B are behind a NAT router. C is the VPN server. The NAT router uses VPN forwarding and only changes the source IP of the packets. That means, that traffic from A and B both appear to come from the IP of the NAT router and port 500. A can establish a connection just fine. The mapping of the NAT router tells it, that all traffic from C and port 500 should go to A. If B tries to establish an IPsec connection to C, its traffic will be mapped to port 500, too. C responds to the initiation packet from B correctly and sends it to the NAT router on port 500. To the NAT router, traffic from C for either A or B looks identical and sends it all to A. The response packet to B's initiation packet never reaches B. This can be worked around by disabling VPN forwarding on the NAT router, so it maps different UDP connections from port 500 to different, distinguished high ports. Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 14.06.2014 22:21, schrieb CpServiceSPb .: - -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTnLMJAAoJEDg5KY9j7GZYQX0QAJYhWnJ1N7Rv/vm4pjIUM7kF 1RLP1ajoX1NxM+GS1lUbcplN30JNw2ftfiDZMkMWs2IldR0lCk6OLC2tG0hiFMBm xXo3HrWbQIEqy0MJZMUw5GakwVO9lw5Bc64guupmGF5mdZR8yClhU9RYZR0Ifzz4 LYLfnHENLIKHUMqM9ezKvxwNTV+26+6IJfRs+uA1VWZav3DwHxhxe1JdVkNwy1WY ChwCm6GbcNC/olMINcxGTniieIRZIcK+O/Jf9qLsrei+mg0ADJYmYWg/j6BW9BNm CXQgz9ETwjLhb+4llAAyjBMQQVvoBBDUiGuSK9E1BogRbb7jFUxbaLz/bEOZE51X vPnkkb4euwImRWZ2KLt6w2RK3UwdR+lODegCjpWfe2jLOofcV9YzfvYdebRjcEdF wzpcj9ppr2yV6bMhDgN1fvoPGylJx/uga8jhfFQV2qnuhBjVAgWNTRcckOwvSIjT /fPBvbb2Vs4Rd9hwB1UVWdzddbsmHjBFGnFV4v9vw82ViTQDeBgcS53P8ue/SHv4 P0OfI/CyjJ9ih2+5L/AiybXucJGhHLk/38+BCLrAhAOmBy0hbGX9OX5jbaxmccGg dVOxp9S35uxJYf1tXF9xi4VS/GjjtEwkwcg1ctJ0MH1s9G4tGAZMhI2783jxjgzP wu9UctHuG4bhyoFJUaEk =ManV - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTnLMJAAoJEDg5KY9j7GZY3xgQAItrPg4JZq0bZbWWkyQrmeKd mVYanJCiC4zrFm1Z0apZUrWrEMKi0j8VlSHfsP7wnn0IGRl71SO5CTHxl7q7TGsp 3sy9ylYqyd2G/fxgZzidqx1o9kyIXlEj5VIV2xL4UEnS1p/2jXg8EDaFZFvG1gUx fjnatP/wNfXVcu8Ljpo/g2x6q5si3yEOVSqOvtKpZ+AJ6RoesOp8Dk7s+SipYaWk G17sDfXyOAfy1tVWrcsMmP1kL0ZtnPHIEs0i7i/mA5V3wf/6br4FgN2IuvW/vQE9 MrxKQ0qVLEqd+2zxXiTV5NAVxsbVL+AA6XkbBuFNkjVQ4haUODvkcanr5mz+VDZV vTTZRyktiSBg2Uih9fSVJVPV58yh4M+Gs9PXHr/w9fNmNxCV9MwSTDc5UfBiWOop /nfIHqO2noYRjihWjPgll92DYdhMkD/nCh9WSqSvJTRu1dvbxBGdzuGzByQZKPGU 2LhLGymK2/LLhyj6mtK6wzxX0mHpRpBdjPGjxBNNwqIiNExz2l6hUxJAkPWijl50 fzmPjsoc0tJKyU7V3vAmdJqNASfZ6PSpmkkCT4DLuTqszNbATYhM6DhPPajo0S4Y sL3lHac5o6Sj19aPTiZIAIhn2S5fFOMOiegLq2PxDpH5YskYNBQZ8/XqZatk7NHB KgUVP5bnuT2AX2l49pRz =EzGm -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
