[strongSwan] Separate devices connecting with same user-based credentials (Virtual IP)
Luke Wilmen
luke at wilmen.co
Tue Sep 6 16:00:50 CEST 2016
Hi all,
After using the powers of Google endlessly for many hours, I was
wondering if someone could point me in the correct direction...
I'm wanting to configure a roadwarrior setup where the user may possess
multiple devices, but uses the same authentication credentials
(eap-identity via eap-radius with an mschapv2 authentication to a
freeradius backend). The subnet offered from the VPN gateway is
0.0.0.0/0, and a virtual IP address is assigned.
With the above setup, multiple devices are able to connect with ease,
however all devices with the same user authentication credentials
receive the same Virtual IP from strongswan.
Copy of connection block on gateway:
conn rw-eap
    left=123.123.123.123
    leftcert=server.crt
    leftid=@server01.geo.domain.com
    leftsubnet=0.0.0.0/0
    leftauth=pubkey
    leftfirewall=yes
    rightauth=eap-radius
    rightid=*@domain.com
    rightsendcert=never
    right=%any
    rightsourceip=192.168.0.0/24
    auto=add
    fragmentation=yes
Naturally, IP addresses and domain names changed for anonymisation.
Best regards,
Luke.