Hi Paul,
I think we are good to wait a bit until you can get it pushed out...
And just to say this back to you to make sure that I understand: I would
set up two firewall certs and import them into NSS, and set up a conn for
each with matching leftids; then have two DNS entries matching each cert
name/leftid, and configure the clients to connect via their respective
DNS entries? Or is there another way to make Windows connect to the
correct conn based on leftid?
On 2017-11-23 11:10 AM, Paul Wouters wrote:
> On Wed, 22 Nov 2017, Computerisms Corporation wrote:
>> I have an existing system where two offices share an internet
>> connection. One office has a VPN already set up using IKEv2. Now the
>> other office wants VPN access, but we need to make sure that when the VPN
>> users connect, they can't see the other office's stuff.
> You can set up two connections with different leftid= on the server, then
> configure the clients with a remote id that matches those. Then use
> different addresspool ranges for those connections. Then use iptables to
> make sure they cannot see each other.
> You will need a small patch to support the optional IDr payload
> processing that I haven't yet pushed to master. Ping me for that or wait
> a few days for it to appear in master.
> Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan
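The layout Paul describes (two conns on one gateway that differ in leftid, cert and address pool, plus iptables rules that keep the pools apart), written out as an added example. It is not from the thread and not libreswan's own configuration; every name and address in it is assumed (vpn-a/vpn-b.example.com, cert nicknames vpn-a and vpn-b, LANs 192.168.1.0/24 and 192.168.2.0/24, pools 10.8.1.0/24 and 10.8.2.0/24), the clients are assumed to authenticate with certificates from the same CA, and each leftid is assumed to be a SAN of the cert that conn uses, which is what libreswan checks when leftcert= and leftid= are both set. Selecting the conn from the IDr the client sends is exactly the behaviour the thread says still needs Paul's pending patch.

```shell
#!/bin/sh
# Added example: one libreswan gateway serving two offices with separate
# IKEv2 conns, separate address pools, and iptables isolation between them.
# Assumed site layout (change to match yours):
#   office A: leftid vpn-a.example.com, cert nickname vpn-a, LAN 192.168.1.0/24, pool 10.8.1.0/24
#   office B: leftid vpn-b.example.com, cert nickname vpn-b, LAN 192.168.2.0/24, pool 10.8.2.0/24
POOL_A=10.8.1.0/24; LAN_A=192.168.1.0/24
POOL_B=10.8.2.0/24; LAN_B=192.168.2.0/24
IPT="${IPT:-iptables}"                          # set IPT=echo to print rules instead of loading them
CONF="${CONF:-/etc/ipsec.d/two-offices.conf}"   # assumed target path

# ipsec.conf fragment. The two conns differ only in identity, cert and pool;
# a client must connect to the DNS name that is in the matching cert and
# request that name as the remote id, or it lands on the other conn.
write_conf() {
    cat <<'EOF'
conn %default
    ikev2=insist
    authby=rsasig
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftsendcert=always
    right=%any
    rightid=%fromcert
    rightca=%same
    narrowing=yes
    fragmentation=yes
    auto=add

conn office-a
    leftid=@vpn-a.example.com
    leftcert=vpn-a
    rightaddresspool=10.8.1.10-10.8.1.254

conn office-b
    leftid=@vpn-b.example.com
    leftcert=vpn-b
    rightaddresspool=10.8.2.10-10.8.2.254
EOF
}

# Decapsulated client traffic is routed like any other packet, so it passes
# the FORWARD chain. A dedicated chain at the top of FORWARD drops anything
# from a pool towards the other office's LAN or the other pool, and also
# drops the other LAN probing the pool, so blocking is not just one-way.
isolate_pools() {
    $IPT -N VPN_ISOLATE 2>/dev/null || true
    $IPT -F VPN_ISOLATE
    $IPT -A VPN_ISOLATE -s "$POOL_A" -d "$LAN_B"  -j DROP
    $IPT -A VPN_ISOLATE -s "$POOL_A" -d "$POOL_B" -j DROP
    $IPT -A VPN_ISOLATE -s "$LAN_B"  -d "$POOL_A" -j DROP
    $IPT -A VPN_ISOLATE -s "$POOL_B" -d "$LAN_A"  -j DROP
    $IPT -A VPN_ISOLATE -s "$POOL_B" -d "$POOL_A" -j DROP
    $IPT -A VPN_ISOLATE -s "$LAN_A"  -d "$POOL_B" -j DROP
    $IPT -A VPN_ISOLATE -j RETURN
    $IPT -I FORWARD 1 -j VPN_ISOLATE   # must precede any ACCEPT rule in FORWARD
}

# Usage: sh two-offices.sh apply   (run IPT=echo sh two-offices.sh apply to dry-run)
case "${1:-}" in
    apply) write_conf > "$CONF" && isolate_pools ;;
esac
```

After `apply`, load the conns with `ipsec auto --add office-a` and `ipsec auto --add office-b` (or restart the service). The two pools must not overlap, which libreswan enforces, and the DROP rules have to sit before whatever ACCEPT rules already let VPN traffic through, hence the `-I FORWARD 1`.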