IPSec multiple mobile clients



  • I have a VPN setup for incoming mobile clients using mode config and Xauth.
    There is an IP pool assigned - 192.168.2.0/28.
    This seems to generate a racoon.conf with a mode_cfg entry as:

    mode_cfg
    {
        auth_source system;
        group_source system;
        pool_size 13;
        network4 192.168.2.1;
        netmask4 255.255.255.240;
    }

    With this I see that I can connect with one client, but can never get
    a second mobile device to connect.

    The IPsec SPD status shows the link to be 0.0.0.0/0 <-> 192.168.2.1/28.
    A second attempt adds 0.0.0.0/0 <-> 192.168.2.2/28 but no traffic will
    flow to the second machine. This looks to be a routing issue.

    If I change the netmask in the racoon.conf file to be 255.255.255.255 then
    I see that multiple clients can connect and traffic will flow correctly. The
    SPD entries become 0.0.0.0/0 <-> 192.168.2.1/32, etc.
    I think that the GUI is creating an incorrect mode_cfg netmask entry in racoon.conf?

    Anybody else come across this?
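
An added example, not part of the original post and not pfSense or racoon code: it parses the mode_cfg block quoted above and shows why a 255.255.255.240 netmask4 makes every pool client's SPD selector collapse onto the same /28 prefix (so only the first client's policy ever matches), while 255.255.255.255 gives each client its own /32. It assumes racoon derives each client's SPD selector from the assigned address plus netmask4, which is what the SPD lines in the post show.

```python
import ipaddress
import re

# Constructed sample: the mode_cfg block quoted in the post above.
SAMPLE_RACOON_CONF = """mode_cfg
{
auth_source system;
group_source system;
pool_size 13;
network4 192.168.2.1;
netmask4 255.255.255.240;
}
"""

def parse_mode_cfg(text):
    """Return the key/value statements of the first mode_cfg { ... } block."""
    match = re.search(r"mode_cfg\s*\{(.*?)\}", text, re.S)
    if not match:
        raise ValueError("no mode_cfg block found")
    cfg = {}
    for stmt in match.group(1).split(";"):
        parts = stmt.split()
        if len(parts) == 2:
            cfg[parts[0]] = parts[1]
    return cfg

def client_selectors(cfg):
    """(client address, SPD selector prefix) for each address in the pool.
    Assumption: racoon derives each client's SPD selector from the address it
    hands out plus netmask4, which is what the SPD lines in the post show."""
    first = int(ipaddress.IPv4Address(cfg["network4"]))
    return [(ipaddress.IPv4Address(first + i),
             ipaddress.IPv4Network((first + i, cfg["netmask4"]), strict=False))
            for i in range(int(cfg["pool_size"]))]

def shadowed_clients(cfg):
    """Clients whose selector repeats an earlier client's prefix: the first
    matching SP wins, so traffic for these clients never reaches them."""
    seen, shadowed = set(), []
    for client, net in client_selectors(cfg):
        if net in seen:
            shadowed.append(str(client))
        seen.add(net)
    return shadowed

if __name__ == "__main__":
    cfg = parse_mode_cfg(SAMPLE_RACOON_CONF)
    print("netmask4 255.255.255.240, shadowed:", shadowed_clients(cfg))
    # The host mask the post found to work: every client gets a distinct /32.
    print("netmask4 255.255.255.255, shadowed:",
          shadowed_clients({**cfg, "netmask4": "255.255.255.255"}))
```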

