[strongSwan] Windows 10 DeviceTunnel and rightid via LDAP/AD or RADIUS?
Hendl Stephan
stephan.hendl at landtag.brandenburg.de
Tue Jun 25 13:55:43 CEST 2019
Hello,
We have set up a device tunnel as a force tunnel with machine certificates in Windows 10, based on https://wiki.strongswan.org/projects/strongswan/wiki/Win7MultipleConfig, with the following configuration:
conn ikev2-DeviceTunnel-EDV
    keyexchange=ikev2
    leftcert=vpn.company.de.pem
    leftsubnet=10.0.0.0/8
    rightid="DC=de, DC=company, OU=<some OU>, OU=computers, CN=*"
    rightsourceip=10.142.22.0/24
    rekey=no
    rightdns=10.142.223.253,10.142.223.254
    #
    auto=add
This works as expected, but all clients have to have certificates where the DN is part of the same LDAP tree ("DC=de, DC=company, OU=<some OU>, OU=computers, CN=*"). We use the device tunnel for starting the tunnel as soon as the network connection has been established. No user interaction should be required.
Is there a possibility to extend the authorization with group membership coming from LDAP/AD or RADIUS?
Best regards
Stephan Hendl
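
The following is an added example, not part of the original post and not strongSwan code: a simplified model of how a wildcard `rightid` DN admits or rejects client certificate subjects, showing why every machine has to sit in the same LDAP subtree. It assumes strict matching (same number of RDNs, same order, `*` matching any single RDN value); `ExampleOU` stands in for the OU elided in the post, and all subject DNs are constructed.

```python
# Simplified model of RDN-by-RDN wildcard matching for a rightid DN pattern.
# Assumptions (not taken from the post): RDN count and order must be identical,
# attribute types must be equal, and a value matches if it is equal
# (case-insensitively) or the pattern value is "*".

def parse_dn(dn):
    """Split 'DC=de, OU=x, CN=y' into [(type, value), ...]. No escaped commas."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def dn_matches(pattern, subject):
    """Return True if the certificate subject satisfies the wildcard pattern."""
    p, s = parse_dn(pattern), parse_dn(subject)
    if len(p) != len(s):              # an extra or missing OU level never matches
        return False
    for (p_attr, p_val), (s_attr, s_val) in zip(p, s):
        if p_attr != s_attr:
            return False
        if p_val != "*" and p_val.lower() != s_val.lower():
            return False
    return True

# Pattern shaped like the one in the post; "ExampleOU" is a placeholder.
PATTERN = "DC=de, DC=company, OU=ExampleOU, OU=computers, CN=*"

# Constructed certificate subjects.
SUBJECTS = {
    "same_ou":   "DC=de, DC=company, OU=ExampleOU, OU=computers, CN=PC-0001",
    "other_ou":  "DC=de, DC=company, OU=OtherOU, OU=computers, CN=PC-0002",
    "nested_ou": "DC=de, DC=company, OU=ExampleOU, OU=computers, OU=laptops, CN=PC-0003",
    "user_cert": "DC=de, DC=company, OU=ExampleOU, OU=users, CN=alice",
}

def evaluate():
    """Map each sample subject to whether the pattern would admit it."""
    return {name: dn_matches(PATTERN, dn) for name, dn in SUBJECTS.items()}

if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:10s} {'match' if ok else 'no match'}")
```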