<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Hi,</p>
    <p>did you manage to solve your problem? <br>
    </p>
    <p>I'm having the same problem...  <br>
    </p>
    <p>I follow the wiki example:
<a class="moz-txt-link-freetext" href="https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH">https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH</a><br>
    </p>
    <p><br>
    </p>
    <p>Regards,</p>
    <p>António<br>
    </p>
    <div class="moz-cite-prefix">On 08/25/2014 09:51 AM, Pontus Wiberg
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAPPmw9rYe=0Bs6ryEcp3MxKgqVkpCAT0S6qoBKLVXMioygtSKQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">Yeah, I pretty much just tested every option I
        could even think of there. I have changed it around a lot, but
        this isn't working still. 
        <div><br>
        </div>
        <div>uniqueids=no</div>
        <div><br>
        </div>
        <div>conn roadwarrior<br>
        </div>
        <div>
          <div>        left=10.1.31.5</div>
          <div>        leftid=54.255.206.227</div>
          <div>        authby=secret</div>
          <div>        leftxauthserver=yes</div>
          <div>        leftsubnet=<a moz-do-not-send="true"
              href="http://10.1.31.0/24">10.1.31.0/24</a></div>
          <div>        right=%any</div>
          <div>        rightaddresspool=192.168.224.5-192.168.224.100</div>
          <div>        rightxauthclient=yes</div>
          <div>        leftmodecfgserver=yes</div>
          <div>        rightmodecfgclient=yes</div>
          <div>        modecfgpull=yes</div>
          <div>        modecfgdns1=8.8.8.8</div>
          <div>        xauthby=file</div>
          <div>        pfs=no</div>
          <div>        auto=add</div>
        </div>
        <div class="gmail_extra"><br>
        </div>
        <div class="gmail_extra">Seems really simple but it still loses
          the ability to route to the first client when a second one
          connects</div>
        <div class="gmail_extra"><br>
        </div>
        <div class="gmail_extra">BRs</div>
        <div class="gmail_extra">Pontus<br>
          <br>
          <br>
          <div class="gmail_quote">On 23 August 2014 00:10, Paul Wouters
            <span dir="ltr">&lt;<a moz-do-not-send="true"
                href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>&gt;</span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div class="">On Fri, 22 Aug 2014, Pontus Wiberg wrote:<br>
                <br>
                <blockquote class="gmail_quote" style="margin:0 0 0
                  .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  Finally my XAUTH configuration is working, however now
                  I find myself stuck on a NAT issue. I moved to
                  Libreswan largely because of the<br>
                  rightaddresspool options and because using XAUTH
                  should support having multiple clients behind the same
                  NAT. Now I can't get that to<br>
                  work though, I have two clients - I can connect the
                  first successfully with user "pontus", I can ping
                  everything on the inside and it<br>
                  works perfectly however as soon as one more client
                  connects (user "andre") .. all tunnels to that IP
                  break, they do not disconnect but<br>
                  there is no connectivity anywhere. Sometimes, although
                  few, the new client will stay connected and his tunnel
                  will continue to work but<br>
                  the old client will still be without connectivity. <br>
                </blockquote>
                <br>
              </div>
              <div class="">
                <blockquote class="gmail_quote" style="margin:0 0 0
                  .8ex;border-left:1px #ccc solid;padding-left:1ex">
                          uniqueids=yes<br>
                  <br>
                  conn roadwarrior<br>
                          left=10.1.31.5<br>
                          leftid=54.255.206.227<br>
                          authby=secret<br>
                          leftxauthserver=yes<br>
                          leftsubnet=<a moz-do-not-send="true"
                    href="http://10.1.31.0/24" target="_blank">10.1.31.0/24</a><br>
                          right=%any<br>
                </blockquote>
                <br>
              </div>
              You cannot use uniqueids=yes with auth=secret<br>
              <br>
              <blockquote class="gmail_quote" style="margin:0 0 0
                .8ex;border-left:1px #ccc solid;padding-left:1ex">
                        rightid=%any<br>
              </blockquote>
              <br>
              Is that even legal? I think that right=%any and
              rightid=%any should be<br>
              rejected.<br>
              <br>
              The unique id refers to the IPsec SA ID, not the xauth
              username.<br>
              <br>
              If you want to use PSK instead of X.509/RSA, use
              uniqueids=no.<span class="HOEnZb"><font color="#888888"><br>
                  <br>
                  Paul<br>
                </font></span></blockquote>
          </div>
          <br>
        </div>
      </div>
      <br>
    </blockquote>
    <br>
  </body>
</html>