On Tue, 12 Apr 2022 at 15:30, Łukasz Moskała <l...@lukaszmoskala.pl> wrote:
> I remember talking with a network engineer at one company I used to work at.
> We used FortiGate firewalls, and I asked why we were using SSLVPN instead of an
> IPsec-based VPN, as both were supported.
> He said something along the lines of "IPsec does not work when there are two
> devices connecting from the same IP, so this would be an issue for us when two
> admins were on the same public wifi, or lived together."
> I don't know if this is specific to Fortinet's implementation, or if it's an
> issue with IPsec itself, as I never used IPsec in anything other than a
> site-to-site connection.

Some IPsec implementations require that IKE (v1?) negotiation comes
with source UDP port 500, and since two clients behind one NAT can't
both map their outgoing packets (or even one of them) to this single
port, it is not possible to have two NAT'ed clients behind the same
external IP.

-- 
May the most significant bit of your life be positive.
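
Added example, not part of the original message: a small simulation of the situation described above, with two clients behind one port-translating NAT both sending IKE from UDP port 500 to a responder that either insists on source port 500 or accepts a translated port. The `Napt` class, the addresses and the dynamic port range are constructed for illustration and do not model any particular vendor's implementation.

```python
IKE_PORT = 500  # UDP port named in the message above


class Napt:
    """Minimal port-translating NAT with a single external IP (constructed model)."""

    def __init__(self, external_ip, preserve_port=True):
        self.external_ip = external_ip
        self.preserve_port = preserve_port  # try to keep the inside source port
        self.next_port = 40000              # constructed start of the dynamic range
        self.table = {}                     # (inside_ip, inside_port) -> external port

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.table:
            used = set(self.table.values())
            if self.preserve_port and inside_port not in used:
                port = inside_port          # only one flow can own external port 500
            else:
                while self.next_port in used:
                    self.next_port += 1
                port = self.next_port
                self.next_port += 1
            self.table[key] = port
        return (self.external_ip, self.table[key])


def responder_accepts(src, strict_port_500):
    """Strict responders drop IKE that does not arrive from UDP/500."""
    _ip, port = src
    return port == IKE_PORT or not strict_port_500


def simulate(clients, preserve_port, strict_port_500):
    """Return {inside_ip: (external_port, accepted)} for each client."""
    nat = Napt("203.0.113.10", preserve_port)  # documentation-range address
    result = {}
    for ip in clients:
        src = nat.translate(ip, IKE_PORT)
        result[ip] = (src[1], responder_accepts(src, strict_port_500))
    return result


if __name__ == "__main__":
    admins = ["192.168.1.20", "192.168.1.21"]  # constructed inside hosts
    for preserve in (True, False):
        for strict in (True, False):
            print(f"preserve={preserve} strict={strict}:", simulate(admins, preserve, strict))
```

With a strict responder at most one client gets through, and none do when the NAT never preserves the source port, which matches the "(or even one of them)" remark.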
