Multiple Roadwarrior IPSEC tunnels?

Started by schnipp, July 12, 2018, 05:56:39 PM

So, I am back and added a second mobile connection using the link you mentioned. Afterwards I did some tests; the second connection and two mobile connections using the same virtual IP pool look fine and work in parallel.

But I found one bug in the GUI. For the additional connection it is not possible to define a phase2 with a subnet which is already defined in the first mobile connection. The GUI shows the following error message during configuration (one small adaptation of the consistency check is needed within the backend):

Quote
The following input errors were detected:
    Phase2 with this Local Network is already defined for mobile clients.

Regarding multiple mobile connections which need to be distinguished, the IKE daemon gradually tests for a valid configuration :) (see log file excerpt)

Quote
Oct 16 19:26:01    charon: 15[CFG] <con1|8> switching to peer config 'con5'
Oct 16 19:26:01    charon: 15[CFG] <con1|8> selected peer config 'con1' inacceptable: non-matching authentication done
Oct 16 19:26:01    charon: 15[CFG] <con1|8> constraint requires public key authentication, but pre-shared key was used

We should keep in mind that all clients of the same IP pool can communicate independently of their configured endpoint.
OPNsense 24.7.11_2-amd64
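
Added example (not part of the thread, and not OPNsense or strongSwan code): a small Python parser for the charon `[CFG]` lines quoted in the post above. It groups them by IKE_SA id and reports which peer config was rejected, why, and which config the daemon switched to, regardless of whether the log is listed oldest or newest first. The function and variable names are hypothetical; the sample lines are copied from the excerpt in the post.

```python
import re
from collections import defaultdict

# "<con1|8>" = connection name currently assigned to the SA, then the SA's unique id.
LINE = re.compile(r"charon: \d+\[CFG\] <(?P<conn>[^|>]+)\|(?P<sa>\d+)> (?P<msg>.*)$")
# The excerpt spells it "inacceptable"; "unacceptable" is accepted as well.
REJECT = re.compile(r"selected peer config '(?P<cfg>[^']+)' (?:in|un)acceptable: (?P<why>.*)")
SWITCH = re.compile(r"switching to peer config '(?P<cfg>[^']+)'")
CONSTRAINT = re.compile(r"constraint requires (?P<want>.+?), but (?P<got>.+?) was used")

# Sample input: the three lines from the log excerpt in the post.
SAMPLE = [
    "Oct 16 19:26:01    charon: 15[CFG] <con1|8> switching to peer config 'con5'",
    "Oct 16 19:26:01    charon: 15[CFG] <con1|8> selected peer config 'con1' "
    "inacceptable: non-matching authentication done",
    "Oct 16 19:26:01    charon: 15[CFG] <con1|8> constraint requires public key "
    "authentication, but pre-shared key was used",
]

def summarize(lines):
    """Return {sa_id: {"rejected": [...], "switched_to": [...], "mismatch": [...]}}."""
    sas = defaultdict(lambda: {"rejected": [], "switched_to": [], "mismatch": []})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a charon [CFG] line tied to an IKE_SA
        # Key on the numeric SA id: the name in front of it changes after a switch.
        sa = sas[int(m["sa"])]
        msg = m["msg"]
        if (r := REJECT.search(msg)):
            sa["rejected"].append((r["cfg"], r["why"]))
        elif (s := SWITCH.search(msg)):
            sa["switched_to"].append(s["cfg"])
        elif (c := CONSTRAINT.search(msg)):
            sa["mismatch"].append((c["want"], c["got"]))
    return dict(sas)

if __name__ == "__main__":
    for sa_id, info in summarize(SAMPLE).items():
        for cfg, why in info["rejected"]:
            print(f"SA {sa_id}: config {cfg} rejected ({why})")
        for want, got in info["mismatch"]:
            print(f"SA {sa_id}: required {want}, peer used {got}")
        for cfg in info["switched_to"]:
            print(f"SA {sa_id}: switched to config {cfg}")
```

Run over a full log, the summary shows which mobile clients ended up on which connection profile after the daemon's trial-and-switch selection.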

I was also able to use IKEv1 and v2 with Xauth-PSK and EAP-MSCHAPv2 .. let's see if we can make this into stable :)

That sounds good  :)