On Wed, 22 Nov 2017, Computerisms Corporation wrote:
I have an existing system where two offices share an internet connection. One office has a VPN already set up using ikev2. Now the other office wants VPN access, but we need to make sure when the VPN users connect, they can't see the other office's stuff.
You can set up two connections with different leftid= on the server, then configure the clients with a remote id that matches those. Then use different addresspool ranges for those connections. Then use iptables to make sure they cannot see each other. You will need a small patch to support the optional IDr payload processing that I haven't yet pushed to master. Ping me for that or wait a few days for it to appear in master.

Paul
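Added example, not part of the original message and not libreswan project code: a sketch of the layout the reply describes, with one server connection per office distinguished by leftid=, separate address pools, and firewall rules keyed on those pools. All addresses, IDs, certificate nicknames and connection names are constructed placeholders; certificate authentication and leftsubnet= scoping are assumptions, and selecting the connection by the ID the client requests relies on the IDr processing mentioned in the reply.

```conf
# --- Gateway (server) side: one conn per office, all values constructed ---
conn office-a
    # public address of the shared gateway (placeholder)
    left=203.0.113.10
    # responder ID that office A clients ask for
    leftid=@vpn-a.example.com
    leftcert=vpn-a.example.com
    # only office A's LAN is offered through this connection
    leftsubnet=192.168.10.0/24
    right=%any
    rightca=%same
    # pool used only by office A VPN users
    rightaddresspool=10.99.10.10-10.99.10.250
    ikev2=insist
    narrowing=yes
    auto=add

conn office-b
    left=203.0.113.10
    leftid=@vpn-b.example.com
    leftcert=vpn-b.example.com
    leftsubnet=192.168.20.0/24
    right=%any
    rightca=%same
    # non-overlapping pool for office B VPN users
    rightaddresspool=10.99.20.10-10.99.20.250
    ikev2=insist
    narrowing=yes
    auto=add

# --- Client side, office B user: remote id must match office-b's leftid ---
conn to-office-b
    left=%defaultroute
    leftcert=user-b1.example.com
    leftid=%fromcert
    leftmodecfgclient=yes
    right=203.0.113.10
    rightid=@vpn-b.example.com
    rightsubnet=192.168.20.0/24
    ikev2=insist
    narrowing=yes
    auto=add

# --- Gateway firewall (shell commands, not ipsec.conf syntax) ---
# Each pool is blocked from the other office's LAN and the other pool:
# iptables -I FORWARD -s 10.99.10.0/24 -d 192.168.20.0/24 -j DROP
# iptables -I FORWARD -s 10.99.10.0/24 -d 10.99.20.0/24  -j DROP
# iptables -I FORWARD -s 10.99.20.0/24 -d 192.168.10.0/24 -j DROP
# iptables -I FORWARD -s 10.99.20.0/24 -d 10.99.10.0/24  -j DROP
```

Because the firewall rules match on pool addresses, the isolation holds only while the two pools stay disjoint and no other path on the gateway assigns addresses from them.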
