[strongSwan] binding users to separate vpns
free.aaa
free.aaa at gmail.com
Tue May 13 11:57:15 CEST 2014
Hi all!
After a bunch of days of searching and trying I decided to ask for help
here.
I'm trying to make a VPN gateway so it can serve several groups of users
(win7) and connect them to the appropriate vpns (by means of mark and
leftupdown I bind roadwarriors to the correct vlan subinterfaces).
So when I do IKEv2 certificate authentication (local machine certificate)
all is working, as I can select the connection based on "O=" in
rightid="C=EN, O=test1, CN=*" and apply the correct mark option. But what if
I want a user to be able to connect to any vpn depending on the username
(or any other thing) he enters? It seems like certificates do not
suit this 'cause when I connect to the vpn I can't select a certificate. I tried
to authenticate users with rightauth=eap-mschapv2 and list them in
ipsec.secrets, but I wonder: is there any option to bind a particular user
(or group of users) to a conn section?
Maybe someone knows another way to allow users to connect to
different vpns (different conn sections of the configuration file)?
Thanks in advance,
Alexander