IPSec VPN stops working completely if multiple connections are made from the same site
-
Hi,
I have successfully set up IPSec VPN and got it working. When I try the mobile client VPN from home (using Shrew) it works. But if I try from two different computers from my home it stops working for both (even though the tunnel is up, I can't route any traffic), even though they are using different identifiers. Even if I disconnect both computers and only try one, that one doesn't work at all until I reboot pfSense at my workplace (removing the state pertaining to the VPN connection doesn't work, it just keeps coming back). Is this a bug, or is it meant to be like this? How can I get around this?
I will have 5 people connecting mobile client VPN from the same site to our company pfSense machine. I'm using pfSense 2.0 RC1.
-
Do you have NAT-T forced on the clients? It may be that they're all trying to use udp/500 and ESP and the router you are behind at the other location isn't handling that well.
A reboot shouldn't be needed, you can just restart the racoon process under Status > Services.
If you have more than one mobile client at a given site, a site-to-site tunnel would be better than multiple mobile clients.
Failing that, ditch IPsec and use OpenVPN remote access clients. They don't have any of the clunky limitations of IPsec.
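
The NAT behaviour suggested in the reply above, modelled as an added example that is not part of the original thread. It assumes a simplified home router that tracks raw ESP flows by remote peer only (ESP has no ports), and all addresses and names are constructed for illustration.

```python
# Simplified model of a home NAT router (assumption: "IPsec passthrough" style
# tracking that keys ESP flows on the remote peer only, because ESP has no ports).
ESP, UDP = "esp", "udp"

class NatRouter:
    def __init__(self):
        self.udp_map = {}      # public source port -> (inside host, inside port, peer)
        self.esp_map = {}      # remote peer IP -> inside host (one slot per peer)
        self.next_port = 40000

    def outbound(self, host, proto, peer, sport=None):
        """Record a mapping for an outgoing packet; return the public port (UDP) or None (ESP)."""
        if proto == UDP:
            for pub, inside in self.udp_map.items():
                if inside == (host, sport, peer):
                    return pub
            pub = self.next_port
            self.next_port += 1
            self.udp_map[pub] = (host, sport, peer)
            return pub
        self.esp_map[peer] = host   # latest sender overwrites the previous one
        return None

    def inbound(self, proto, peer, dport=None):
        """Return the inside host a reply from `peer` is delivered to, or None if dropped."""
        if proto == UDP:
            entry = self.udp_map.get(dport)
            return entry[0] if entry and entry[2] == peer else None
        return self.esp_map.get(peer)

def simulate(nat_t):
    """Two clients behind one NAT talk to the same gateway; return who receives each reply."""
    nat, gw = NatRouter(), "203.0.113.10"       # constructed documentation address
    clients = ["192.168.1.10", "192.168.1.11"]  # constructed inside hosts
    delivered = {}
    if nat_t:   # ESP wrapped in UDP/4500: each client gets its own public port
        ports = {c: nat.outbound(c, UDP, gw, sport=4500) for c in clients}
        for c in clients:
            delivered[c] = nat.inbound(UDP, gw, dport=ports[c])
    else:       # raw ESP (IP protocol 50): no ports to tell the clients apart
        for c in clients:
            nat.outbound(c, ESP, gw)
        for c in clients:
            delivered[c] = nat.inbound(ESP, gw)
    return delivered
```

In this model, `simulate(False)` delivers both clients' replies to whichever host sent ESP last, while `simulate(True)` returns each reply to its own client.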
-
In Shrew VPN I have NAT traversal set to enable, not force. I can't set up a site to site VPN as the other location the mobile clients are based in is not managed by us. I think I will give OpenVPN a try. Thanks.
-
Hi,
I got the same issue with multiple connections from one site in PSK mode.
You create multiple users with preshared keys, right? You use different user profiles for connection, right?
Racoon doesn't create a new SA when a second user connects. So no traffic passes the tunnel.
This worked for me:
Switch to Mutual PSK + xAuth in phase1.
Users are prompted for a password then, but it works fine.
cya