Friday, June 01, 2018

IKED with multiple clients and nat

I am trying to route all of my ipv4 traffic through a particular server
using OpenIKED. I have it successfully set up so that each client can
connect, and the traffic passes through correctly, but it only works for
one client at a time. If Client A is connected by itself things work
just fine, but once I connect Client B, Client B works and Client A no
longer is able to pass any traffic out. I restart IKED on Client A, and
Client B loses its connection.

I searched through misc and didn't find anyone talking about exactly
what I was trying to do, and a web search turned up one useful result
that claims using ikev2 I cannot do this without ipv6.
https://serverfault.com/questions/775238/two-road-warrior-clients-behind-the-same-nat-device-ikev2-strongswan-libreswa
The claim that nat can't differentiate between the traffic of each
client makes sense to me, but there is a lot I do not know.

I know that traffic can be tagged by IKED and have tried routing by tag
in pf to no avail. However, it is possible I have not done this correctly.

My questions are:

1. If I want multiple "road warrior" clients behind nat in IKED do I
need to implement ipv6?

2. Is there a different way to accomplish this besides ipv6?
