[strongSwan] Ikev2 wildcards with MacOs clients
Matthieu Nantern
matthieu.nantern at margo.com
Wed Oct 3 08:42:48 CEST 2018
Hi!
I installed strongSwan to allow my users (mainly Mac OS X clients) to use
the native IKEv2 authentication. Everything is working fine.
Now I would like to implement something like this:
https://www.strongswan.org/testing/testresults/ikev2/wildcards/index.html,
allowing some clients to access some networks and not the others.
Unfortunately I didn't see (or understand) the issue on that page
(https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile):
- ASN.1 Distinguished Names can't be used as identities because the client
currently sends them as identities of type FQDN.
As a result, when I put rightid in my configuration it doesn't work because
Mac OS X is only sending an FQDN (an email address in my case) and not the
Distinguished Name.
My question is: how can I allow (or deny) some networks to some users?
I have a file that associates email addresses with a "role" but I don't know
how to use it. Maybe a plugin?
Any ideas/links?
Thank you!
--
Matthieu Nantern