8000 Cannot connect more than one L2TP client behind the same NAT · Issue #1 · urpylka/vpn_utils · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
This repository was archived by the owner on Feb 27, 2020. It is now read-only.
This repository was archived by the owner on Feb 27, 2020. It is now read-only.
Cannot connect more than one L2TP client behind the same NAT #1
Open
Open
Cannot connect more than one L2TP client behind the same NAT#1
@dvornikov-aa

Description

@dvornikov-aa
dvornikov-aa
opened on Sep 5, 2018

This is a known issue with L2TP/IPsec:

  1. https://community.ubnt.com/t5/EdgeRouter/L2TP-VPN-Multiple-connections-from-same-NAT-d-location/td-p/512593
  2. xauth: multiple clients behind nat hwdsl2/setup-ipsec-vpn#55
  3. http://swan.libreswan.narkive.com/Rxj6YbXK/cannot-install-eroute-when-second-client-connected-from-behind-the-same-nat

The detailed problem explanation is here:

  1. http://www.jacco2.dds.nl/networking/openswan-l2tp.html#NAT
  2. https://lists.strongswan.org/pipermail/users/2009-June/003483.html

There are many comments that recomment to avoid using L2TP/IPsec in this case. Still, there is a possible solution (xelerance/xl2tpd#82) but it's not the easy one.

How to repeat:

  1. Use vpn-client-installer.sh on more than one Linux machine with different VPN users.
  2. Try to connect these machines to the VPN server from the local network (they must use the same router).
  3. Check the server log for "cannot install eroute -- it is in use for" error.

It's an importnant problem since L2TP/IPsec configuration is the one vpn-client-installer.sh uses.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0