[Swan] "cannot install eroute" when second client connected from behind the same NAT
jvpn at use.startmail.com
jvpn at use.startmail.com
Mon Jul 27 20:53:36 UTC 2015
Adding overlapip=yes allows second client connection but then both clients timeout and disconnect.
What iptables rules are needed? Are there any samples?
Regards,
Josh.
On Monday, July 27, 2015 8:46 AM, Paul Wouters <paul at nohats.ca> wrote:
> This is not currently supported with NETKEY. You can get passed the
> "eroute is in use" by adding overlapip=yes (I believe we removed the
> stack restriction on that) but you still need some iptables rules
> based on the reqid to ensure these two flows will work properly.
>
More information about the Swan
mailing list