[strongSwan] W7 eap-mschapv2 with defined ip
Dirk Hartmann
dha at heise.de
Wed Aug 22 10:09:56 CEST 2012
Hi,
I played with a config to connect Win7 clients with EAP-MSCHAPv2 auth:
<http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig>
works so far, but has the drawback that you can't assign a static IPs
to a special user. I tried to simply use two connections with:
conn win7eap
right=%any
rightauth=eap-mschapv2
rightsourceip=10.0.0.3
rightsendcert=never
eap_identity=dhaeap
conn win7auth
right=%any
rightauth=eap-mschapv2
rightsourceip=10.10.2.3
rightsendcert=never
eap_identity=dhaw7
But Strongswan always picks the first connection on every client
connecting via eap-mschapv2. So eap_identity doesn't work the way I
expected it to.
Aug 22 09:37:36 purgatory01 charon: 09[CFG] candidate "win7eap",
match: 1/1/5/2 (me/other/ike/version)
Aug 22 09:37:36 purgatory01 charon: 09[CFG] candidate "win7auth",
match: 1/1/5/2 (me/other/ike/version)
Aug 22 09:37:36 purgatory01 charon: 09[CFG] selected peer config
'win7eap'
Is there an other way to assign static IPs to Win7 clients connecting
with eap-mschapv2 or is this only possible using client certificates?
The thing is I would like to assign different networks to different
users depending on their department.
Thanks and Regards
Dirk
More information about the Users
mailing list