[strongSwan] binding users to separate vpns

free.aaa free.aaa at gmail.com
Tue May 13 11:57:15 CEST 2014

Hi all!

After a bunch of days of searching and trying I decided to ask for help 

I'm trying to make VPN gateway so it can serve several groups of users 
(win7) and connect them to appropriate vpns (by means of mark and 
leftupdown I bind roadwarriors to correct vlan subinterfaces).
So when I do IKEv2 certificate authentication(local machine certificate) 
all is working, as I can select connection based on "O=" in 
rightid="C=EN, O=test1, CN=*" and apply correct mark option. But what if 
I want a user to be able to connect to any vpn depending on the username 
(or any other thing) he enters. It seems like certificates does not 
suite this 'cause when I connect vpn i can't select certificate. I tried 
to authenticate users with rightauth=eap-mschapv2 and list them in 
ipsec.secrets but I wonder is there any option to bind particular user 
(or group of users) to conn section?
Maybe someone know another way how to allow users to connect to 
different vpns (different conn sections of configuration file)?

Thanks in advance,

More information about the Users mailing list