[strongSwan] per-connection attributes

Andreas Steffen andreas.steffen at strongswan.org
Tue Sep 15 11:26:33 CEST 2015

Hi Марк,

the attr_sql allows to store attributes for a given user identity
in an SQLite or MySQL database. I don't know if this helps with
your requirements for per connection attribute definitions.

For details see the ipsec pool command:

   ipsec pool --addattr <type> [--pool <name> [--identity <id>]]
              --addr|--mask|--server|--subnet|--string|--hex <value>

Add a new attribute to the database. Attributes can be bundled by using
the --pool and --identity options. If a bundle matches a peer the
contained attributes are sent to that peer instead of the global ones.

   type:    a keyword from --showattr or a number from the range 1..32767
   name:    the name of the pool this attribute is added to
   id:      identity of the peer this attribute is bound to
   addr:    IPv4 or IPv6 address
   mask:    IPv4 or IPv6 netmask (synonym for --addr)
   server:  IPv4 or IPv6 address of a server (synonym for --addr)
   subnet:  IPv4 subnet[s] given by network/mask[,network/mask,...]
   string:  value of a string-type attribute
   hex:     hex value of any attribute

Best regards


On 15.09.2015 10:32, Марк Коренберг wrote:
> Ok, is any technical reason for that? or maybe someone (like me) should
> just create patch ?
> 2015-09-15 13:17 GMT+05:00 Tobias Brunner <tobias at strongswan.org
> <mailto:tobias at strongswan.org>>:
>     Hi,
>     > Is any way to provide different attribute values on different
>     > connections (different sections in ipsec.conf) ?
>     No, that's currently not possible.
>     Regards,
>     Tobias
> --
> Segmentation fault
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150915/00733f35/attachment.bin>

More information about the Users mailing list