[strongSwan] conditional expressions in swanctl.conf?
Michael Schwartzkopff
ms at sys4.de
Wed Sep 21 13:42:09 CEST 2022
On 21.09.22 13:38, Harald Dunkel wrote:
> Hi folks,
>
> is there some way to express
>
> if peercert->OU == develop
> pool = pool1
> else
> pool = pool2
>
> in swanctl.conf? Some conditional expressions?
>
> Hopefully I was not too blind to find it in the Wiki.
>
>
> Regards
> Harri
Hi,
I think this kind of conditional config is not possible within
strongSwan. I solved that problem with a RADIUS backend that passed
group membership back to the VPN server in the CLASS attribute.
strongSwan can use this class attribute as rightgroup in the config.
For details see: https://blog.sys4.de/strongswan-vpn-based-on-groups-en.html
Kind regards,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the Supervisory Board: Florian Kirstein
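
Added example, not part of the original message or of the linked blog post: a sketch of the group-based approach from the reply, written in swanctl.conf syntax, where the equivalent of rightgroup is `remote.groups`. Connection names, certificate file, addresses, subnets and the RADIUS server entry are constructed placeholders; the group and pool names are taken from the question.

```conf
# --- strongswan.conf (fragment) ---
charon {
    plugins {
        eap-radius {
            # Treat the Class attribute of the Access-Accept as group membership
            class_group = yes
            servers {
                primary {
                    address = 192.0.2.10        # placeholder RADIUS server
                    secret = REPLACE_ME         # placeholder shared secret
                }
            }
        }
    }
}

# --- swanctl.conf (fragment) ---
connections {
    # Listed first: only usable when RADIUS returned Class "develop"
    rw-develop {
        pools = pool1
        local {
            auth = pubkey
            certs = gateway.pem                 # placeholder certificate file
        }
        remote {
            auth = eap-radius
            groups = develop
        }
        children {
            net { local_ts = 10.0.0.0/24 }      # placeholder protected subnet
        }
    }
    # No group constraint: assumed fallback once the check above fails
    rw-default {
        pools = pool2
        local {
            auth = pubkey
            certs = gateway.pem
        }
        remote { auth = eap-radius }
        children {
            net { local_ts = 10.0.0.0/24 }
        }
    }
}
pools {
    pool1 { addrs = 10.10.1.0/24 }              # placeholder ranges
    pool2 { addrs = 10.10.2.0/24 }
}
```

The fallback relies on the assumption that charon switches to the next matching connection when the group constraint of the first one is not met; giving `rw-default` its own `groups` value removes that dependency on ordering.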