[Swan] Multiple clients behind same NAT network

Валентин Росавицкий valintinr at ukr.net
Sun Jan 3 20:17:49 UTC 2021


The second client from the same NAT network could not connect to the server. I will check all the logs again tomorrow.
First I want to configure everything via ipsec+xauth, but I will also use ipsec+l2tp.


January 3, 2021, 19:30:16, from "Paul Wouters" <paul at nohats.ca>:

On Sun, 3 Jan 2021, Валентин Росавицкий wrote:

> I am trying to configure ipsec with hwdsl2 scripts for ipsec+xauth. Immediately after installation everything
> works without problems but I need to connect multiple clients from the same NAT network and for this I
> specified in the configuration file the option mark=-1 (-1/0xffffffffff) and overlap=yes and this leads to the
> client being able to successfully connect to the server but nothing else works.

I thought that was no longer necessary? Recent versions should handle
multiple clients behind the same NAT. Since every instance gets its own
IP address, there is no need for overlapip= since you are not using
transport mode. The overlapip= option was in use for L2TP/IPsec in
transport mode where clashing clients use the same pre-NAT IP address
from behind different NAT routers.

Paul