Multiple VPN Pass through L2TP/IPSEC is not working on openwrt based gateways.
-
Hello,
I am testing multiple vpn pass through for L2TP/IPSEC in my openwrt based gateway.
I am testing this feature via CD router and found multiple vpn pass through is not working.
- CD router simulates two LAN clients on Gateway LAN port
- CD router runs VPN server on the WAN side
- LAN client 1 sends IPSEC packet with unique SPI ( Let’s say SPI A) to Gateway
- LAN client 1 sends IPSEC packet with unique SPI ( Let’s say SPI B) to Gateway
- Gateway forward the IPSEC packet from LAN client 1 with SPI A to VPN server on WAN side
- VPN server responding for the LAN client 1
- Gateway forward the IPSEC packet from LAN client 2 with SPI A to VPN server on WAN side ( It supposed to use SPI B which is generated from LAN client 2, but it is using the SPI of LAN client 1)
- VPN server drops the packets from LAN client 2 as it has invalid SPI.
I dont know why the SPI is getting changed in gateway. I couldn't find enough information to resolve the problem over internet.
Could anyone provide some hint on why the SPI is getting changed by Gateway?
Thanks in advance!!
Regards,
Saravana