L2TP/IPsec multiple client connections problem

Hi,
We have some problems with L2TP/IPsec VPN: when more than one client connects to the VPN from the same network to the same remote network, only 1 client at a time can work. The others cannot reach the remote network. One client at a time can work for a while, then another client starts to work for a while, then another, and so on.

  1. Is it a configuration problem?
  2. Or is it a problem with the structure of the protocol (so we cannot do anything …)?
  3. Or a problem with RouterOS? In this case, do you think it can be resolved shortly in the next releases?

Thank you.
Paolo.

Only with the L2TP client of Windows.
With a smartphone it’s OK.

It is a limitation of the protocol. You cannot have multiple L2TP/IPsec connections from the same source address, which includes “from systems behind the same NAT”.
It can be solved by using IKEv2, but that is a relatively new technology that is more complicated to set up.
You can also solve it by putting a router on the remote network that does the VPN (one time) and routes for all users at that network.

I would not like to add other network devices.
What is another good solution to have vpn remote access?
I try to configure OpenVPN, but I think it’s not easy to teach to the customers…

I can not believe there is such a great flaw in equipment that really does so many things…

The flaw is not in the equipment, Pablo.
The flaw is in the protocols, or more correctly: the flaw is in the concept of NAT that makes more than one client have the same external IP address, which those protocols were not designed for.

Thanks, pe1chl, for clarifying. I wish there were a way to like a reply when someone provides a solution or the correct answer.

Anyway, I’ve been banging my head over what’s going on when I connect more than one client to a VPN server based on L2TP/IPsec. I didn’t know it was due to the protocol. Time to learn newer technologies.

There is: click “Accept this answer” (green tick) on the post that provided the solution.

Actually, forum user sindy found a way to work around this problem.
It is complicated but it can be made to work.

See here: http://forum.mikrotik.com/t/multiple-road-warrior-l2tp-ipsec-clients-behind-nat-solved/118206/1