[strongSwan] Calculating the generated MAC address when identity_lease is enabled
Micah R Ledbetter
me at micahrl.com
Tue Apr 10 00:07:55 CEST 2018
Hello Tobias,
> > 5. Even better, can I use a single conn section to match all users,
> > no matter their operating system, and enforce that they send their
> > client identifier to the DHCP server the same way?
>
> Have a look at [1] for my suggestion to Harald (who had a similar
> question) for a possible code modification to do this (i.e. get the
> client certificate, extract the first dNSName SAN and then forward that
> as host name in the DHCP request).
>
> [1] https://wiki.strongswan.org/issues/2581
Ah hah. I'm not sure that's the right path for my project, but I'll take it under consideration.
Thanks for taking the time to answer my questions - you've gone above and beyond, and I understand the identity matching and DHCP systems much better now.
- Micah
More information about the Users
mailing list