[Swan] Multiple clients behind the same NAT IP get dropped - IPSec / xauth

Paul Wouters paul at nohats.ca
Thu Jun 16 13:28:03 UTC 2016

On Wed, 15 Jun 2016, Tony Whyman wrote:

> As I type, I am using 3.17 and currently have three clients all behind the same NAT router all with active ipsec connections to two different remote servers - and can ping both. This
> setup normally works fine, although I have noticed the occasional confusion which usually requires a NAT router reset to resolve. It could be your problem is with the router rather than
> libreswan.
> There's nothing clever about my setup. A mix of Ubuntu 12.04 and 14.04 with basic road warrior setups. The server sides looks like this, with netkey and nat-traversal:

I think that is because you use tunnel mode, not transport mode that is
used with L2TP.


More information about the Swan mailing list