Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPSec multiple mobile clients

    2.0-RC Snapshot Feedback and Problems - RETIRED
    1
    1
    4245
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      andygi last edited by

      I have a VPN setup for incoming mobile clients using mode config and Xauth.
      There is an IP pool assigned - 192.168.2.0/28.
      This seems to generate a racoon.conf with a mode_cfg entry as:

      mode_cfg
      {
      auth_source system;
      group_source system;
      pool_size 13;
      network4 192.168.2.1;
      netmask4 255.255.255.240;
      }

      With this I see that I can connect with one client, but can never get
      a second mobile device to connect.

      The IPsec SPD status shows the link to be 0.0.0.0/0 <-> 192.168.2.1/28.
      A second attempt adds 0.0.0.0/0 <-> 192.168.2.2/28 but no traffic will
      flow to the second machine. This looks to be a routing issue.

      If I change the netmask in the racoon.conf file to be 255.255.255.255 then
      I see that multiple clients can connect and traffic will flow correctly. The
      SPD entries become 0.0.0.0/0 <-> 192.168.2.1/32, etc.
      I think that the GUI is creating an incorrect mode_cfg netmask entry in racoon.conf?

      Anybody else come across this?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy