    Multiple client connected with Shrewsoft VPN Client

    IPsec
      matrix1233 last edited by

      Hi,
      I have configured an IPsec VPN server on pfSense with the Shrewsoft VPN Client. The connection is established and I can access the network correctly, but when I connect the 2nd VPN client, the 1st client is stopped…
      How can I connect many clients to my VPN server?
      thx

        matrix1233 last edited by

        No suggestions???

          matrix1233 last edited by

          Hi,
          I did some tests and I think the problem is that when I have more than 1 VPN client connected from the same access point, the result is 1 VPN client connected, and when I have many clients connected from many places (the public IP is different) it can work. Is there any solution if I want to connect more than one client from the same access point (the same public IP address)?
          Thanks

            jimp Rebel Alliance Developer Netgate last edited by

            If you have more than one remote client at the same site, then you should be using a site-to-site VPN tunnel of some kind instead of individual clients.

              psylo last edited by

              @jimp:

              If you have more than one remote client at the same site, then you should be using a site-to-site VPN tunnel of some kind instead of individual clients.

              It's the best way to do it, but sometimes it's not possible (hotspot, etc…). So the way to do it is to configure different IPsec identities: a different identity for each remote client. Normally, it will work like that.

                matrix1233 last edited by

                I have tested this solution, but the connection stops when the second client connects.
                thx

                  notladstyle last edited by

                  The flaw is in the iptables implementation.

                  IPsec originally uses UDP port 500 and ESP to establish a tunnel. Unfortunately, the current iptables version implemented in pfSense is not aware of ESP packets and cannot NAT them. As a result, only one connection can utilize them.

                  Once pfSense supports NAT-T your problem will be solved, as it encapsulates the ESP packets in a UDP packet and routes them on port 4500.
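
Added example, not part of the original thread: a simplified model of a port-translating NAT in front of two clients, showing why native ESP (IP protocol 50, no ports) gives the NAT nothing to tell the clients apart, while NAT-T's UDP 4500 encapsulation does. The `SimpleNat` class, the addresses and the port pool are constructed for illustration and do not describe pfSense's packet filter.

```python
from dataclasses import dataclass
from typing import Optional

ESP, UDP = 50, 17  # IP protocol numbers


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None  # ESP carries no ports
    dport: Optional[int] = None


class SimpleNat:
    """Hypothetical, simplified source NAT with one public address."""

    def __init__(self):
        self.states = {}        # return-traffic key -> inside host
        self.next_port = 40000  # constructed pool of public source ports

    def outbound(self, pkt):
        if pkt.proto == UDP:
            # Port translation gives every inside flow its own public port.
            key = (UDP, pkt.dst, pkt.dport, self.next_port)
            self.next_port += 1
        else:
            # ESP: only the address can be rewritten, so the key has no
            # per-client field and a second client produces the same key.
            key = (pkt.proto, pkt.dst, None, None)
        self.states[key] = pkt.src  # an identical key overwrites the owner
        return key

    def inbound(self, key):
        return self.states.get(key)


def deliver_replies(nat_t):
    """Return {client: inside host that receives the server's reply}."""
    nat, server = SimpleNat(), "198.51.100.1"    # constructed addresses
    clients = ["192.168.1.11", "192.168.1.12"]
    keys = {}
    for c in clients:
        pkt = Packet(UDP, c, server, 4500, 4500) if nat_t else Packet(ESP, c, server)
        keys[c] = nat.outbound(pkt)
    return {c: nat.inbound(keys[c]) for c in clients}


if __name__ == "__main__":
    print("native ESP:", deliver_replies(False))
    print("NAT-T     :", deliver_replies(True))
```

In the native ESP case the reply meant for the first client is handed to the second, which matches the symptom reported at the top of the thread.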
