[strongSwan] Split tunnel config per user (IOS)

Noel Kuntze noel at familie-kuntze.de
Sat Sep 6 21:47:53 CEST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Raoul,

If you use strongSwan 5.2.0, you can use swanctl.conf. In that file, you can assign different configurations (they are called pools there) to different client profiles.

Regards,
Noel Kuntze

GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 06.09.2014 um 21:07 schrieb Raoul Duke:
> Hi,
>
> I'm using IOS devices (ikev1) and split tunneling via the Unity
> extensions (split-include)
>
> I'd like to be able to give a different split config to a user
> depending on some criteria (e.g. per-user config or a flag in a radius
> database or such like).
>
> However, at the moment it seems like Unity split tunnel config is a
> global setting in strongswan.  Is there any specific architecture
> reason it needs to be this way or is it just a current limitation?
>
> Can anyone suggest/recommend any viable route to making a per-user
> split-tunnel configuration?
>
> (Incidentally, I did just read that IOS 8 may support ikev2.  Does
> anyone know anything about this?.  Would this mean the normal
> leftsubnet route would work rather than having to use Unity?).
>
> Thanks.
> RD
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUC2TpAAoJEDg5KY9j7GZYuawP/1dy+SQWRdQctvrc7xyb52PZ
7Kkrk8tstka/wwiBKbW0pp+cX+CvSQxuCx5pBRdCtjoYkKcKLn8Nu24gO/QXBT5n
L2ammNPQQz0Z2eWxGwUsyAuApyhlvgoQT9vZ6vO1XkwTg2i6FdZzLZFvpb+w3RF8
2xeH1jCPT+MS7sDa+thUYzbPgWxPdD0yFvtAP3Yf8EffEBFCVab/QY+U2+FHEhsW
3VStUvsz32d0tfZa4xMz1CYSUxVUxsDdyLR1phbJwYl3WLHJvD39E9SRHknO5Mf5
v0ZBo+Pmcg68LOWCUtiRzOrfjKhO+zaEKAW3tiWV0coUVEpqQGNRBeX/2cGq4BCu
gH430dW+RIeLNuHkvjWG+EbMwbJKp1QLecSwdJ/x+LUecm8mJjmqalCe2YdKDmaj
Mqi55tHtnQc+OoyVa4/Gmy9LetcwWfKod4jGxOyh9lTgUWA1okE+tq0cvQVuL7Bh
k2xnz8ZjYUElMxJDf3k10E+lYoFRaeLijCKZmYPMzlPa3Va9QyY+oTgesUcBULgF
AXqQFl0zcyn2R5brsBCPuFyVgANCFPseN2siolxrTZrl8fUDPGVOoGa5qEJHa53k
kSxr1kLpHpuo0tg1N0fXQuLYr3dWbT1RI1udFinOBC2ydTX8j81fptO4sIY9IZ7H
MPtPmG6uev0hZP1leD2k
=70aY
-----END PGP SIGNATURE-----

More information about the Users mailing list