[strongSwan] How to Group incoming connections and give access rights accordingly
Arshan Awais
arshanawais at yahoo.com
Fri May 16 12:48:45 CEST 2014
Hi,
I am running strongswan v5.1.3 server which is listening on my public interface (10.1.1.30). Server has two private networks 172.16.1.0/24 and 172.16.2.0/24. I have two types of clients/users (Accounts and Staff). I need to allow access to 172.16.1.0/24 to Staff and allow access to 0.0.0.0/0 to Accounts (both users using Cisco Clients). So i have configure two conns in ipsec.conf.
Here are my configs http://pastebin.com/dXxicWvv
Client's screenshot is http://www.cisco.com/c/dam/en/us/support/docs/security/vpn-client/42761-vpnclient-pix-aes-3.gif
When I connect to the server, using "accounts" in Name field of the client, and "secret" in the Password field, it asks for Xauth credentials. Entering "accounts" in user field and "accountspwd" in password field successfully connects.
But when I connect to the server, using "staff" in Name field of the client, and "secret" in the Password field, it asks for Xauth credentials. Entering "staff" in user field and "cisco2pwd" in password field fails authentication.
Examining log shows that even in the second case, the server chooses 'cisco_accounts' connection from ipsec.conf thus fails to authenticate xauth credentials.
Any solution plz....???
More information about the Users
mailing list