L2TP IPsec - several connections from/to same IP address

Hi all,

I have established an L2TP server using an RB750GL, with Windows users connecting from their locations, and they are successfully added to the LAN bridge, enabling them to access LAN resources. Users have separate secrets, but use the same PPP profile.
Server IP is resolved from a changeip.net domain. Only one public IP on server.

This works fine when users are scattered around with different public IPs, but now I need several users to connect while sitting behind the same NAT router, i.e. the originating address exposed is the same.
When one of them connects to the server, the guy already connected is thrown out and so on…

IPSec peer property “NAT traversal” is checked, but that’s maybe related to the server side?

So how can I maintain several connections with the same IP on both ends?

Nobody?

Ok…they say that talking to yourself is the first sign of…something… :wink:

Anyway, trying to find a workaround for this, some ideas came across my mind:

  1. Order more public IPs on the client side and establish 1:1 NAT for the users in question
  2. Order more public IPs on the server side and let each client connect to different IP
  3. Bridge DSL modem and install MT router behind as NAT router, then set up VPN tunnel between it and VPN server.

So what do you think guys?

There can be only one IPsec client behind one NATed IP address.

Best way would be to give each client public IP, but that is not always possible.

If you know the client’s router IP, you can make a static IPsec tunnel and just allow L2TP or another VPN tunnel to be set up over that IPsec tunnel.