Multiple clients connected with Shrewsoft VPN Client



  • Hi,
    I have configured an IPSEC VPN server with pfSense with Shrewsoft VPN Client. The connection is made and I can access the network correctly, but when I connect the 2nd VPN client, the 1st client is stopped…
    How can I connect many clients to my VPN server?
    Thanks



  • No suggestions?



  • Hi,
    I did some tests and I think the problem is that when I have more than 1 VPN client connected from the same access point, the result is 1 VPN client connected, and when I have many clients connected from many places (the public IP is different), it can work. Is there any solution if I want to connect more than one client from the same access point (the same public IP address)?
    Thanks


  • Rebel Alliance Developer Netgate

    If you have more than one remote client at the same site, then you should be using a site-to-site VPN tunnel of some kind instead of individual clients.



  • @jimp:

    If you have more than one remote client at the same site, then you should be using a site-to-site VPN tunnel of some kind instead of individual clients.

    It's the best way to do it, but sometimes it's not possible (hotspot, etc…). So the way to do it is to configure different IPSEC identities: a different identity for each remote client. Normally, it will work like that.



  • I have tested this solution, but the connection stops when the second client connects.
    Thanks



  • The flaw is in the iptables implementation.

    IPSEC originally uses UDP port 500 and ESP to establish a tunnel. Unfortunately, the current iptables version implemented in pfSense is not aware of ESP packets and cannot NAT them. As a result, only one connection can utilize them.

    Once pfSense supports NAT-T, your problem will be solved, as it encapsulates the ESP packets in a UDP packet and routes them on port 4500.
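
Added example (not part of the thread and not any poster's or the pfSense project's code): a simplified model of a port-translating NAT, showing why two clients behind one public IP collide on plain ESP but stay separate when ESP is carried in UDP, as the last post describes for NAT-T. The `Nat` class, the addresses and the port numbering are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

ESP, UDP = 50, 17            # IP protocol numbers
SERVER = "203.0.113.1"       # constructed VPN server address (documentation range)
CLIENTS = ["192.168.1.10", "192.168.1.11"]  # constructed hosts behind one NAT


@dataclass
class Nat:
    """Assumed, simplified port-translating NAT; not pfSense code."""
    next_port: int = 40000
    udp_map: dict = field(default_factory=dict)  # (public_port, remote_ip) -> inside_ip
    esp_map: dict = field(default_factory=dict)  # remote_ip -> inside_ip

    def outbound(self, proto, inside_ip, remote_ip):
        if proto == UDP:
            # UDP has ports, so each inside host gets its own public port.
            public_port = self.next_port
            self.next_port += 1
            self.udp_map[(public_port, remote_ip)] = inside_ip
            return public_port
        # ESP has no ports: the only key left is the remote address,
        # so a second client to the same server replaces the first.
        self.esp_map[remote_ip] = inside_ip
        return None

    def inbound(self, proto, remote_ip, public_port=None):
        if proto == UDP:
            return self.udp_map.get((public_port, remote_ip))
        return self.esp_map.get(remote_ip)


def reachable_clients(nat_t):
    """Return the inside hosts that still receive the server's tunnel replies."""
    nat = Nat()
    proto = UDP if nat_t else ESP   # NAT-T: ESP wrapped in UDP port 4500
    ports = {c: nat.outbound(proto, c, SERVER) for c in CLIENTS}
    return sorted(c for c in CLIENTS
                  if nat.inbound(proto, SERVER, ports[c]) == c)


if __name__ == "__main__":
    print("plain ESP:", reachable_clients(nat_t=False))
    print("NAT-T    :", reachable_clients(nat_t=True))
```

In this model the plain-ESP run leaves only the last client to connect reachable, which matches the symptom reported at the top of the thread.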


Locked