On Sat, 15 Nov 2014 00:48:44 +0000 James McGoodwin <jmcgood...@kobo.com> wrote: > However Windows clients are limited to only one connection at a > time. Subsequent connections cause the current session to die and > be replaced by the new one. (snip) > In short, many security associations (for each windows client) but only one > actual flow. > > Isakmpd doesnt have a way to distinguish between the connections as it > renegotiates their keys.
I could repeat the problem. When rekeying, only one of the connections can keep the IPsec session and others are dropped. It seems isakmpd NAT-T has an issue. I also would like to fix it. But I need to learn the isakmpd code. It may take time. --yasuoka
