[strongSwan] (Vici) How to disconnect a VPN connection on the server side?
Tobias Brunner
tobias at strongswan.org
Tue Sep 10 09:31:59 CEST 2019
Hi Houman,
> Do you think that is possible to do via FreeRadius?
See [1].
> Just to be
> clear there is always a 1:1 relationship between IKE_SA and a user at a
> time, correct?
Probably, that is, if you don't allow multiple IKE_SAs per user identity.
> If I end an IKE_SA, I won't be kicking several users by
> mistake?
Not if you do so by unique ID (by name wouldn't be a good idea because
all IKE_SAs by roadwarriors will share the name of the connection).
> So in other words what
> I'm trying to achieve is possible with Vici right?
Yes.
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Session-Timeout-and-Dynamic-Authorization-Extension
More information about the Users
mailing list