5. IPSec multiple mobile clients

IPSec multiple mobile clients

  • A

    I have a VPN setup for incoming mobile clients using mode config and Xauth.
    There is an IP pool assigned - 192.168.2.0/28.
    This seems to generate a racoon.conf with a mode_cfg entry as:

    mode_cfg
    {
    auth_source system;
    group_source system;
    pool_size 13;
    network4 192.168.2.1;
    netmask4 255.255.255.240;
    }

    With this I see that I can connect with one client, but can never get
    a second mobile device to connect.

    The IPsec SPD status shows the link to be 0.0.0.0/0 <-> 192.168.2.1/28.
    A second attempt adds 0.0.0.0/0 <-> 192.168.2.2/28 but no traffic will
    flow to the second machine. This looks to be a routing issue.

    If I change the netmask in the racoon.conf file to be 255.255.255.255 then
    I see that multiple clients can connect and traffic will flow correctly. The
    SPD entries become 0.0.0.0/0 <-> 192.168.2.1/32, etc.
    I think that the GUI is creating an incorrect mode_cfg netmask entry in racoon.conf?

    Anybody else come across this?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy