IPSec multiple mobile clients
I have a VPN setup for incoming mobile clients using mode config and Xauth.
There is an IP pool assigned - 192.168.2.0/28.
This seems to generate a racoon.conf with a mode_cfg entry as:

mode_cfg
{
    auth_source system;
    group_source system;
    pool_size 13;
    network4 192.168.2.1;
    netmask4 255.255.255.240;
}

With this I see that I can connect with one client, but can never get
a second mobile device to connect.

The IPsec SPD status shows the link to be 0.0.0.0/0 <-> 192.168.2.1/28.
A second attempt adds 0.0.0.0/0 <-> 192.168.2.2/28 but no traffic will
flow to the second machine. This looks to be a routing issue.

If I change the netmask in the racoon.conf file to be 255.255.255.255 then
I see that multiple clients can connect and traffic will flow correctly. The
SPD entries become 0.0.0.0/0 <-> 192.168.2.1/32, etc.

I think that the GUI is creating an incorrect mode_cfg netmask entry in racoon.conf?

Anybody else come across this?
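
Added example, not part of the original post and not racoon or GUI code: a check of which address range each per-client SPD selector covers for the mode_cfg values quoted above, under both netmasks. It assumes leases are handed out consecutively starting at network4 and that each selector is the leased address combined with netmask4, as in the SPD entries shown in the post; the function names are made up for this example.

```python
import ipaddress


def client_selectors(network4, pool_size, netmask4):
    """Build one selector per lease: leased address / netmask4.

    Assumption: the pool is pool_size consecutive addresses from network4.
    """
    first = ipaddress.IPv4Address(network4)
    return [
        ipaddress.ip_interface(f"{first + i}/{netmask4}")
        for i in range(pool_size)
    ]


def colliding_groups(selectors):
    """Map each covered range to the leases sharing it (shared ranges only)."""
    groups = {}
    for sel in selectors:
        # sel.network is the selector with host bits masked off, i.e. the
        # set of addresses a policy written as address/mask actually matches.
        groups.setdefault(sel.network, []).append(str(sel.ip))
    return {str(net): ips for net, ips in groups.items() if len(ips) > 1}


def report(network4, pool_size, netmask4):
    """Return a one-line summary for a given mode_cfg netmask4 value."""
    clashes = colliding_groups(client_selectors(network4, pool_size, netmask4))
    if not clashes:
        return f"netmask4 {netmask4}: every client selector is distinct"
    parts = [f"{net} shared by {len(ips)} leases" for net, ips in clashes.items()]
    return f"netmask4 {netmask4}: " + "; ".join(parts)


if __name__ == "__main__":
    # Values taken from the mode_cfg block in the post.
    print(report("192.168.2.1", 13, "255.255.255.240"))
    # The netmask the poster changed to by hand.
    print(report("192.168.2.1", 13, "255.255.255.255"))
```

With 255.255.255.240 all 13 leases produce selectors that match the same 192.168.2.0/28 range; with 255.255.255.255 each lease gets its own /32 selector.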