Multiple VPN pass-through for L2TP/IPsec is not working on OpenWrt-based gateways.



  • Hello,

    I am testing multiple VPN pass-through for L2TP/IPsec on my OpenWrt-based gateway.

    I am testing this feature with CDRouter and found that multiple VPN pass-through is not working.

    1. CDRouter simulates two LAN clients on the gateway's LAN port
    2. CDRouter runs a VPN server on the WAN side
    3. LAN client 1 sends an IPsec packet with a unique SPI (let's say SPI A) to the gateway
    4. LAN client 2 sends an IPsec packet with a unique SPI (let's say SPI B) to the gateway
    5. The gateway forwards the IPsec packet from LAN client 1 with SPI A to the VPN server on the WAN side
    6. The VPN server responds to LAN client 1
    7. The gateway forwards the IPsec packet from LAN client 2 with SPI A to the VPN server on the WAN side (it is supposed to use SPI B, which was generated by LAN client 2, but it is using LAN client 1's SPI)
    8. The VPN server drops the packets from LAN client 2 as they have an invalid SPI.

    I don't know why the SPI is getting changed in the gateway. I couldn't find enough information on the internet to resolve the problem.

    Could anyone provide a hint on why the SPI is getting changed by the gateway?

    Thanks in advance!

    Regards,
    Saravana
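As an added illustration, and not code from the original post, from OpenWrt or from CDRouter, the following Python model replays steps 3 to 8 above against two toy ESP pass-through helpers: one that keeps a single session per VPN server (and therefore emits the second client's packets with the first client's SPI, the symptom described), and one that keys its state on (server, SPI), leaves the ESP header untouched and learns the server's reply SPI per client. The IP addresses, SPI values and the "first unseen reply SPI belongs to the oldest client still waiting on that server" rule are assumptions made for the example.

```python
import struct
from collections import deque
from dataclasses import dataclass


def build_esp(spi: int, seq: int, payload: bytes = b"") -> bytes:
    """ESP header (RFC 4303): 32-bit SPI, 32-bit sequence number, then payload."""
    return struct.pack("!II", spi, seq) + payload


def parse_esp(esp: bytes):
    """Return (spi, seq, payload); ESP has no ports, the SPI is the only session key."""
    if len(esp) < 8:
        raise ValueError("ESP datagram shorter than the 8-byte header")
    spi, seq = struct.unpack("!II", esp[:8])
    return spi, seq, esp[8:]


@dataclass(frozen=True)
class Packet:
    src: str    # IP source
    dst: str    # IP destination
    esp: bytes  # ESP header + payload (IP protocol 50)


class BuggyEspPassthrough:
    """One session per VPN server: the second LAN client inherits the first
    client's SPI. Constructed to reproduce the symptom; not netfilter code."""

    def __init__(self, wan_ip: str):
        self.wan_ip = wan_ip
        self.session = {}  # server -> (lan client, spi)

    def outbound(self, pkt: Packet) -> Packet:
        spi, seq, payload = parse_esp(pkt.esp)
        _client, out_spi = self.session.setdefault(pkt.dst, (pkt.src, spi))
        # Bug: the ESP header is rebuilt with the stored SPI, not the sender's.
        return Packet(self.wan_ip, pkt.dst, build_esp(out_spi, seq, payload))

    def inbound(self, pkt: Packet):
        entry = self.session.get(pkt.src)
        if entry is None:
            return None
        return Packet(pkt.src, entry[0], pkt.esp)


class EspPassthrough:
    """State keyed on (server, SPI); the ESP header is never rewritten."""

    def __init__(self, wan_ip: str):
        self.wan_ip = wan_ip
        self.out = {}      # (server, client SPI) -> lan client
        self.back = {}     # (server, server SPI) -> lan client
        self.pending = {}  # server -> clients whose reply SPI is not yet known

    def outbound(self, pkt: Packet) -> Packet:
        spi, _, _ = parse_esp(pkt.esp)
        if (pkt.dst, spi) not in self.out:
            self.out[(pkt.dst, spi)] = pkt.src
            self.pending.setdefault(pkt.dst, deque()).append(pkt.src)
        return Packet(self.wan_ip, pkt.dst, pkt.esp)  # SPI A stays SPI A, SPI B stays SPI B

    def inbound(self, pkt: Packet):
        spi, _, _ = parse_esp(pkt.esp)
        client = self.back.get((pkt.src, spi))
        if client is None:
            waiting = self.pending.get(pkt.src)
            if not waiting:
                return None  # no LAN client is talking to this server: drop
            # Assumption for this example: the first reply carrying an unseen
            # SPI belongs to the oldest client still waiting on that server.
            client = waiting.popleft()
            self.back[(pkt.src, spi)] = client
        return Packet(pkt.src, client, pkt.esp)


def run_scenario(gateway) -> dict:
    """Replay steps 3-7 and report which SPIs actually left the WAN port."""
    c1, c2, server = "192.168.1.10", "192.168.1.11", "203.0.113.5"  # constructed
    spi_a, spi_b, spi_srv = 0xA0000001, 0xB0000002, 0xC0000003     # constructed
    wan = [gateway.outbound(Packet(c1, server, build_esp(spi_a, 1)))]   # step 5
    reply = gateway.inbound(Packet(server, gateway.wan_ip, build_esp(spi_srv, 1)))  # step 6
    wan.append(gateway.outbound(Packet(c2, server, build_esp(spi_b, 1))))  # step 7
    return {
        "wan_spis": [parse_esp(p.esp)[0] for p in wan],
        "reply_to": reply.dst if reply else None,
    }


if __name__ == "__main__":
    print("buggy  :", [hex(s) for s in run_scenario(BuggyEspPassthrough("198.51.100.2"))["wan_spis"]])
    print("correct:", [hex(s) for s in run_scenario(EspPassthrough("198.51.100.2"))["wan_spis"]])
```

The practical check on a real gateway is to capture on the WAN interface (for example `tcpdump -ni <wan> esp`) and compare the SPI of each outgoing ESP packet with the SPI the LAN client sent: a pass-through helper has nothing to translate in ESP, so any difference means the helper is rebuilding or mis-associating the header rather than just tracking it. If the clients negotiate IKE NAT traversal, ESP is carried in UDP 4500 and the sessions are distinguished by UDP port, so this particular failure mode does not apply.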