IPSec + L2TP + NAT-Traversal does not work for multiple clients behind same nat
I have recently configured a VPN server hosted in AWS EC2. Details: Centos 6.4, openswan, xl2tpd, NAT-traversal. The configuration works great for a scenario when only one user connects form a given public IP address behind NAT. But when there are multiple clients behind same NAT, every new client connection drops old one. Looking at logs I can make a conclusion that l2tp treats all connections from the same nat as one.
Am I missing something? Is there a solution?
Your help is much appreciated.
Solution 1:
IPSEC is very sensitive to NATted clients. You need to read about how to enable NAT traversal features on both clients and server. Out of the box it may detect only the public IP of the NATted clients and then kick out an older connection.
Second thing to check, very important in fact, you may need certificates for each client. Simple preshared key is not enough to establish identity for multiple clients, in case you use this until now.
That said, I gave up on IPSEC and moved to OpenVPN or tinc setups which use SSL and can traverse NAT more easily. The configuration of IPSEC can make you cry, even if it is still a very good encryption/authentication method.