Netgate Discussion Forum

    Multiple client connected with Shrewsoft VPN Client

      matrix1233

      Hi,
      I have configured an IPsec VPN server on pfSense with the Shrewsoft VPN Client. The connection is established and I can access the network correctly, but when I connect the 2nd VPN client, the 1st client is stopped…
      How can I connect many clients to my VPN server?
      Thanks

        matrix1233

        No suggestions???

          matrix1233

          Hi,
          I did some tests and I think the problem is that when I have more than 1 VPN client connected from the same access point, the result is 1 VPN client connected, and when I have many clients connected from many places (the public IP is different) it can work. Is there any solution if I want to connect more than one client from the same access point (the same public IP address)?
          Thanks

            jimp Rebel Alliance Developer Netgate

            If you have more than one remote client at the same site, then you should be using a site-to-site VPN tunnel of some kind instead of individual clients.

              psylo

              @jimp:

              If you have more than one remote client at the same site, then you should be using a site-to-site VPN tunnel of some kind instead of individual clients.

              It's the best way to do it, but sometimes it's not possible (hotspot, etc…). So the way to do it is to configure different IPsec identities: a different identity for each remote client. Normally, it will work like that.

                matrix1233

                I have tested this solution, but the connection stops when the second client connects.
                Thanks

                  notladstyle

                  The flaw is in the iptables implementation.

                  IPsec originally uses UDP port 500 and ESP to establish a tunnel. Unfortunately, the current iptables version implemented in pfSense is not aware of ESP packets and cannot NAT them. As a result, only one connection can utilize them.

                  Once pfSense supports NAT-T, your problem will be solved, as it encapsulates the ESP packets in a UDP packet and routes them on port 4500.

                  1 Reply Last reply Reply Quote 0
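
The behaviour described in the last post above, as an added example that is not part of the original thread: a simplified model of a NAT device with two VPN clients behind one public IP, comparing plain ESP with ESP encapsulated in UDP port 4500. The `Nat` class, the addresses, and the rule that a portless ESP flow is keyed only by protocol and peer address are assumptions for illustration; real NAT implementations differ.

```python
from dataclasses import dataclass, field

ESP, UDP = 50, 17          # IP protocol numbers
NAT_T_PORT = 4500          # UDP port used for NAT-T encapsulated ESP

@dataclass
class Nat:
    """Simplified source NAT (assumed model, not pfSense code)."""
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # inbound flow key -> inside host

    def outbound(self, inside_ip, proto, server_ip):
        """Record state for an outgoing flow and return its inbound lookup key."""
        if proto == UDP:
            # UDP carries ports, so each inside flow gets its own public source port.
            key = (UDP, server_ip, NAT_T_PORT, self.next_port)
            self.next_port += 1
        else:
            # ESP has no ports: only protocol and peer address identify the flow.
            key = (ESP, server_ip)
        self.table[key] = inside_ip  # same key: the newer flow replaces the older one
        return key

    def inbound(self, key):
        """Return the inside host that receives a reply matching this key."""
        return self.table.get(key)

def simulate(proto):
    """Map each client to the inside host that actually receives its replies."""
    nat = Nat()
    server = "198.51.100.1"                     # constructed addresses
    clients = ["192.168.1.11", "192.168.1.12"]  # both behind one public IP
    keys = [nat.outbound(c, proto, server) for c in clients]
    return {c: nat.inbound(k) for c, k in zip(clients, keys)}

if __name__ == "__main__":
    print("plain ESP:", simulate(ESP))
    print("NAT-T    :", simulate(UDP))
```

With plain ESP the second client's state replaces the first, which matches the symptom reported in the thread; with UDP encapsulation each client keeps its own mapping.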
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.