[strongSwan] Please help this assign different ippool any problem?
zhuyj
mounter625 at 163.com
Mon Oct 26 12:23:34 CET 2015
You can refer to samples of strong swan, there are a lot of samples. Maybe it can help you!
发自我的 iPhone
> 在 2015年10月26日,17:44,Yanrui Hu <yhu at appannie.com> 写道:
>
> Guys,
> I start a new thread cause this question is more specific.
> To be simple, let me introduce the configuration:
>
> In file: users
> DEFAULT SQL-Group == "restricted", Pool-Name := "main_pool"
> Fall-Through = Yes
>
> DEFAULT Pool-Name := "tc_pool"
> Fall-Through = Yes
>
> In file:modules/ippool
> ippool main_pool {
> range-start = 172.16.10.1
> range-stop = 172.16.10.254
> netmask = 255.255.255.0
> cache-size = 254
> session-db = ${raddbdir}/db.ipmainpool
> ip-index = ${raddbdir}/db.ipmainindex
> override = no
> maximum-timeout = 0
> }
> ippool tc_pool {
> range-start = 172.16.11.1
> range-stop = 172.16.11.254
> netmask = 255.255.255.0
> cache-size = 254
> session-db = ${raddbdir}/db.ipsecondarypool
> ip-index = ${raddbdir}/db.ipsecondaryindex
> override = no
> maximum-timeout = 0
> }
> In file: site-enabled/default
> under accounting and post-auth
> if (SQL-Group == "restricted") {
> main_pool
> }
> else {
> tc_pool
> }
>
> I have put some user into restricted group in db. and want these users get different ippool, but seems when use main_pool as above, vpn client can not connect. Is there any reason that two ippool can not exist together?
>
> --
> Best Regards,
>
> Yanrui Hu
>
> This email may contain or reference confidential information and is intended only for the individual to whom it is addressed. Please refrain from distributing, disclosing or copying this email and the information contained within unless you are the intended recipient. If you received this email in error, please notify us at legal at appannie.com immediately and remove it from your system.
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151026/8dedfea2/attachment.html>
More information about the Users
mailing list