racoon, IKEv1 and multiple ipsec clients behind NAT

To: tech-net%NetBSD.org@localhost
Subject: racoon, IKEv1 and multiple ipsec clients behind NAT
From: "Mathew\, Cherry G.*" <c%bow.st@localhost>
Date: Wed, 19 Oct 2022 07:06:39 +0000

Hello tech-net,

I had a user question about ipsec using racoon.

I have racoon running on a static IP, and I'm able to make sharedkey
connections to it from multiple clients behind NATs over different
ISPs. However, multiple clients behind the same NAT connecting over
NAT-D don't seem to be able to work.

The symptom I see is that the second connection times out the first one,
and the first in-band ppp interface (using xl2tpd) drops.

Before posting configs, logs etc, I wanted to ask if we are able to
support multiple clients (say behind a residential ISP router NAT)
creating independant l2tp/ipsec transport connections (eg: from multiple
phone devices etc.)

Many Thanks,
-- 
~cherry

Follow-Ups:
- Re: racoon, IKEv1 and multiple ipsec clients behind NAT
  - From: Gert Doering
- Re: racoon, IKEv1 and multiple ipsec clients behind NAT
  - From: Chuck Zmudzinski
- Re: racoon, IKEv1 and multiple ipsec clients behind NAT
  - From: Manuel Bouyer

Prev by Date: can the IPv[4,6]-in-IPCOMP-in-{ESP,AH}-in-IPv[4,6] interop fix be applied to NetBSD 10?
Next by Date: Re: racoon, IKEv1 and multiple ipsec clients behind NAT
Previous by Thread: can the IPv[4,6]-in-IPCOMP-in-{ESP,AH}-in-IPv[4,6] interop fix be applied to NetBSD 10?
Next by Thread: Re: racoon, IKEv1 and multiple ipsec clients behind NAT
Indexes:

Home | Main Index | Thread Index | Old Index