Issue #712
Updated by Tobias Brunner almost 11 years ago
I'm using StrongSwan U5.2.0.
And ipsec.conf is as follows:
<pre>
config setup
    uniqueids=no

conn %default
    left=■■■.■■■.■■■.■■■
    leftsubnet=0.0.0.0/0
    right=%any
    auto=add
    dpdaction=clear
    dpddelay=300s
    dpdtimeout=120s

conn IKEv1
    keyexchange=ikev1
    aggressive=yes
    rightauth=xauth-eap
    rightsourceip=%ikev1

conn L2TP-PSK-NAT
    leftfirewall=yes
    rightfirewall=yes
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    keyexchange=ikev1
    type=transport
    authby=psk
    keyingtries=3
    rekey=no
    leftprotoport=17/1701
    rightprotoport=17/%any
    reauth=no
    #ike="aes256-sha1-modp2048!"
    #esp="aes-sha1!"
</pre>
The problem is that when two clients (Win7) are behind the same NAT, only one client can connect to the VPN. The later one shows error 809, and the ipsec log shows 'unable to install policy'.
iOS and OS X are not affected at all.
I have read issue #365, which explains why. But is there any other way except IKEv2?