> On Jun 2, 2018, at 6:03 AM, Stuart Henderson <[email protected]> wrote:
> 
>> On 2018-06-01, J Vans <[email protected]> wrote:
>> I am trying to route all of my ipv4 traffic through a particular server 
>> using OpenIKED. I have it successfully set up so that each client can 
>> connect, and the traffic passes through correctly, but it only works for 
>> one client at a time. If Client A is connected by itself things work 
>> just fine, but once I connect Client B, Client B works and client A no 
>> longer is able to pass any traffic out. I restart IKED on Client A, and 
>> Client B loses its connection.
>> 
>> I searched through misc and didn't find anyone talking about exactly 
>> what I was trying to do, and a web search turned up one useful result 
>> that claims using ikev2 I cannot do this without ipv6. 
>> https://serverfault.com/questions/775238/two-road-warrior-clients-behind-the-same-nat-device-ikev2-strongswan-libreswa
>> The claim that nat can't differentiate between the traffic of each 
>> client makes sense to me, but there is a lot I do not know.
> 
> The claim in that reply about needing IPv6 and NAT not working is
> nonsense, the port numbers are different. This is exactly what NAT-T
> fixes.
> 
>> I know that traffic can be tagged by IKED and have tried routing by tag 
>> in pf to no avail. However, it is possible I have not done this correctly.
>> 
>> My questions are:
>> 
>> 1. If I want multiple "road warrior" clients behind nat in IKED do I 
>> need to implement ipv6?
>> 
>> 2. Is there a different way to accomplish this besides ipv6?
>> 
>> 
>> 
> 
> I don't have a setup handy to test at the moment but I don't think 
> there's anything special to do here. If you show your config (iked,
> pf, outline of network setup) maybe somebody will notice something?
> 

I had a similar problem when trying to assign specific IP addresses based on 
asn1 id.
