[Swan] multiple users behind single nat

Bob Miller bob at computerisms.ca
Thu May 29 02:35:46 EEST 2014


Hello,

One of my VPN setups found most of the remote users in a single room
behind a single router today.  Recently their system was upgraded from
Openswan to Libreswan, and I thought I had read that multiple people
could just connect from behind the same NAT device.  But it didn't work out
when they tried it.

They are using various versions of Windows, from XP to 8, with the
built-in L2TP/IPsec client, and the first guy to connect works fine
until he disconnects, then all things are buggered till I restart ipsec.

I got to poking around, I found one article that said I needed to use
the SAref patch and KLIPS to make that work (all my firewalls have been
built with netkey), but I found a few other articles that make me think
configuring XAUTH is another way.

I read the man page for ipsec.conf and the README.XAUTH files, among a
bunch of other things from Google, but I haven't been able to get it
working yet and I am a bit confused about how the roles shift around; it
seems XAUTH fills a lot of the functions I currently use xl2tpd for...

So question; will XAUTH solve the problem of getting them all connected
from behind the same router?  

I can't find anything on the net about people using XAUTH in conjunction
with Windows road warriors, so I am starting to think this isn't the
solution I am looking for...

-- 
Computerisms
Bob Miller	
867-334-7117 / 867-633-3760
http://computerisms.ca




