<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi,</p>
<p>Did you manage to solve your problem? <br>
</p>
<p>I'm having the same problem... <br>
</p>
<p>I follow the wiki example:
<a class="moz-txt-link-freetext" href="https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH">https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH</a><br>
</p>
<p><br>
</p>
<p>Regards,</p>
<p>António<br>
</p>
<div class="moz-cite-prefix">On 08/25/2014 09:51 AM, Pontus Wiberg
wrote:<br>
</div>
<blockquote
cite="mid:CAPPmw9rYe=0Bs6ryEcp3MxKgqVkpCAT0S6qoBKLVXMioygtSKQ@mail.gmail.com"
type="cite">
<div dir="ltr">Yeah, I pretty much just tested every option I
could even think of there. I have changed it around a lot, but
this isn't working still.
<div><br>
</div>
<div>uniqueids=no</div>
<div><br>
</div>
<div>conn roadwarrior<br>
</div>
<div>
<div> left=10.1.31.5</div>
<div> leftid=54.255.206.227</div>
<div> authby=secret</div>
<div> leftxauthserver=yes</div>
<div> leftsubnet=10.1.31.0/24</div>
<div> right=%any</div>
<div> rightaddresspool=192.168.224.5-192.168.224.100</div>
<div> rightxauthclient=yes</div>
<div> leftmodecfgserver=yes</div>
<div> rightmodecfgclient=yes</div>
<div> modecfgpull=yes</div>
<div> modecfgdns1=8.8.8.8</div>
<div> xauthby=file</div>
<div> pfs=no</div>
<div> auto=add</div>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Seems really simple but it still loses
the ability to route to the first client when a second one
connects</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">BRs</div>
<div class="gmail_extra">Pontus<br>
<br>
<br>
<div class="gmail_quote">On 23 August 2014 00:10, Paul Wouters
<span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">On Fri, 22 Aug 2014, Pontus Wiberg wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Finally my XAUTH configuration is working, however now
I find myself stuck on a NAT issue. I moved to
Libreswan largely because of the
rightaddresspool options and because using XAUTH
should support having multiple clients behind the same
NAT. Now I can't get that to
work though, I have two clients - I can connect the
first successfully with user "pontus", I can ping
everything on the inside and it
works perfectly however as soon as one more client
connects (user "andre") .. all tunnels to that IP
break, they do not disconnect but
there is no connectivity anywhere. Sometimes, although
few, the new client will stay connected and his tunnel
will continue to work but
the old client will still be without connectivity. <br>
</blockquote>
<br>
</div>
<div class="">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
uniqueids=yes<br>
<br>
conn roadwarrior<br>
left=10.1.31.5<br>
leftid=54.255.206.227<br>
authby=secret<br>
leftxauthserver=yes<br>
leftsubnet=10.1.31.0/24<br>
right=%any<br>
</blockquote>
<br>
</div>
You cannot use uniqueids=yes with auth=secret<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
rightid=%any<br>
</blockquote>
<br>
Is that even legal? I think that right=%any and
rightid=%any should be rejected.<br>
<br>
The unique id refers to the IPsec SA ID, not the xauth
username.<br>
<br>
If you want to use PSK instead of X.509/RSA, use
uniqueids=no.<span class="HOEnZb"><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote>
</div>
<br>
</div>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
Swan mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>
</pre>
</blockquote>
<br>
</body>
</html>