[strongSwan] VPN on-demand blackholing for unaunthenticated users
kgardenia42
kgardenia42 at googlemail.com
Fri Nov 30 16:34:18 CET 2012
On Wed, Nov 21, 2012 at 6:15 PM, Andreas Steffen
<andreas.steffen at strongswan.org> wrote:
> Hi,
>
> would this scenario help you?
>
> http://www.strongswan.org/uml/class-attributes/ikev2/rw-eap-md5-class-radius/
>
> You can assign the blacklisted users via a RADIUS Class attribute
> to a special confined network.
Andreas: this looks perfect. However it seems that this requires the
IKEv2 / EAP combination. However, to my knowledge:
* IOS clients only support IKEv1 (which cannot do EAP)
* IKEv1 (which is supported by IOS clients) cannot do EAP
Did I miss something?
If so, can you suggest a way to do anything similar for IKEv1?
Thanks.
More information about the Users
mailing list