Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec multiple mobile clients

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    1 Posts 1 Posters 4.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      andygi
      last edited by

      I have a VPN setup for incoming mobile clients using mode config and Xauth.
      There is an IP pool assigned - 192.168.2.0/28.
      This seems to generate a racoon.conf with a mode_cfg entry as:

      mode_cfg
      {
      auth_source system;
      group_source system;
      pool_size 13;
      network4 192.168.2.1;
      netmask4 255.255.255.240;
      }

      With this I see that I can connect with one client, but can never get
      a second mobile device to connect.

      The IPsec SPD status shows the link to be 0.0.0.0/0 <-> 192.168.2.1/28.
      A second attempt adds 0.0.0.0/0 <-> 192.168.2.2/28 but no traffic will
      flow to the second machine. This looks to be a routing issue.

      If I change the netmask in the racoon.conf file to be 255.255.255.255 then
      I see that multiple clients can connect and traffic will flow correctly. The
      SPD entries become 0.0.0.0/0 <-> 192.168.2.1/32, etc.
      I think that the GUI is creating an incorrect mode_cfg netmask entry in racoon.conf?

      Anybody else come across this?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.