Windows connect failed with error 809
I'm using StrongSwan U5.2.0.
And ipsec.conf as following:
config setup uniqueids=no conn %default left=■■■.■■■.■■■.■■■ leftsubnet=0.0.0.0/0 right=%any auto=add dpdaction=clear dpddelay=300s dpdtimeout=120s conn IKEv1 keyexchange=ikev1 aggressive=yes rightauth=xauth-eap rightsourceip=%ikev1 conn L2TP-PSK-NAT leftfirewall=yes rightfirewall=yes also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT keyexchange=ikev1 type=transport authby=psk keyingtries=3 rekey=no leftprotoport=17/1701 rightprotoport=17/%any reauth=no #ike="aes256-sha1-modp2048!" #esp="aes-sha1!"
The problem is, when two clients(win7) after same NAT, only one client can connect to VPN. The later one shows error 809 and ipsec log shows 'unable to install policy'.
iOS and OSx is completely not affect.
I have read issue #365, that explains why. But is there any other way except IEKv2 ?
#1 Updated by Tobias Brunner about 6 years ago
- Description updated (diff)
- Status changed from New to Feedback
- Assignee set to Tobias Brunner
But is there any other way except IEKv2?
Not really. If you can't get your clients to get your clients to use different source ports for L2TP your only option might be to implement some kind of mapping on the server.
What's the reason you don't want to use IKEv2?
#3 Updated by Tobias Brunner about 6 years ago
- Category changed from windows to interoperability