[Swan] "cannot install eroute" when second client connected from behind the same NAT

jvpn at use.startmail.com
Mon Jul 27 20:53:36 UTC 2015


Adding overlapip=yes allows second client connection but then both clients time out and disconnect.

What iptables rules are needed? Are there any samples?

Regards,
Josh.

On Monday, July 27, 2015 8:46 AM, Paul Wouters <paul at nohats.ca> wrote:
> This is not currently supported with NETKEY. You can get past the
> "eroute is in use" by adding overlapip=yes (I believe we removed the
> stack restriction on that) but you still need some iptables rules
> based on the reqid to ensure these two flows will work properly.
> 

