5. IPSec multiple mobile clients

IPSec multiple mobile clients

  • A

    I have a VPN setup for incoming mobile clients using mode config and Xauth.
    There is an IP pool assigned - 192.168.2.0/28.
    This seems to generate a racoon.conf with a mode_cfg entry as:

    mode_cfg
    {
    auth_source system;
    group_source system;
    pool_size 13;
    network4 192.168.2.1;
    netmask4 255.255.255.240;
    }

    With this I see that I can connect with one client, but can never get
    a second mobile device to connect.

    The IPsec SPD status shows the link to be 0.0.0.0/0 <-> 192.168.2.1/28.
    A second attempt adds 0.0.0.0/0 <-> 192.168.2.2/28 but no traffic will
    flow to the second machine. This looks to be a routing issue.

    If I change the netmask in the racoon.conf file to be 255.255.255.255 then
    I see that multiple clients can connect and traffic will flow correctly. The
    SPD entries become 0.0.0.0/0 <-> 192.168.2.1/32, etc.
    I think that the GUI is creating an incorrect mode_cfg netmask entry in racoon.conf?

    Anybody else come across this?

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy