[strongSwan] Calculating the generated MAC address when identity_lease is enabled

Micah R Ledbetter me at micahrl.com
Tue Apr 10 00:07:55 CEST 2018

Hello Tobias,

> > 5.  Even better, can I use a single conn section to match all users,
> >     no matter their operating system, and enforce that they send their
> >     client identifier to the DHCP server the same way?
> Have a look at [1] for my suggestion to Harald (who had a similar
> question) for a possible code modification to do this (i.e. get the
> client certificate, extract the first dNSName SAN and then forward that
> as host name in the DHCP request).
> [1] https://wiki.strongswan.org/issues/2581

Ah hah. I'm not sure that's the right path for my project, but I'll take it under consideration.

Thanks for taking the time to answer my questions - you've gone above and beyond, and I understand the identity matching and DHCP systems much better now.

- Micah

More information about the Users mailing list