carlopmart wrote:
Heinrich Rebehn wrote:
carlopmart wrote:
Matthias Bertschy wrote:
carlopmart wrote:
Hi all,
I have a very strange problem. I am using OpenBSD 4.1 with an
isakmpd config (isakmpd.conf and isakmpd.policy) to establish VPN
connections for my roadwarrior clients.
When two roadwarrior clients use the same public IP, only
one client can connect; the other cannot. The roadwarriors use the greenbow
client.
Does anybody know how I can fix this?
Many thanks.
Hello,
I have the same problem with racoon on Linux 2.6: when a second
client connects to IPSEC through NAT, the first one loses its connection.
I don't know if it is related to IPSEC, or a bug in both isakmpd and
racoon, but I haven't found a fix yet.
Matthias Bertschy
I think that I have found a solution. I have put "Share-SADB = Define" in the
"General" config in isakmpd.conf, and it seems that it works now ... But
is this OK? Does anybody know whether using this option can open a
security hole? I believe that sharing SAs between clients might not be
a good solution ....
Thanks.
Where did you get this "Share-SADB = Define" from? I have not found it
in the manpage.
--Heinrich
Sorry, I meant to say "Shared-SADB" ...
Yes, I see it in src/sys/sbin/isakmpd/pf_key_v2.c, but where is it
documented? What exactly does it do?
I am asking because I have a similar problem: 2 peers behind a NAT
firewall connecting to an outside IPSec gateway, one sometimes throwing
out the other one.
--Heinrich