[Swan] Does libreswan v3.20 support multiple clients behind NAT to communicate with public server simultaneously?

Paul Wouters paul at nohats.ca
Tue Oct 31 06:45:01 UTC 2017


On Tue, 31 Oct 2017, Hao Chen wrote:

> I still cannot let 2 private clients behind NAT communicate with the public server simultaneously. Can you please help me?

Did you try the -1 mark that causes unique marks in the XFRM policy per
client, with overlapip=yes set? It should need no custom iptables
rules. That should work. If not, you should let us know what specific
errors or problems you are seeing.

The reqids should then also automatically get generated and be unique
per client. Setting them manually is almost never the right solution.

All of this only needs to happen on the server side. The client side
needs no marking or anything odd, because it has no conflicts itself.

Paul

