On Thu, 23 Apr 2020, None None wrote:
Please advise me: how can I assign a rightaddresspool (IP) to users based on their certificates (IKEv2)? I.e., I issue 2 certificates, vpn.user1 and vpn.user2, and want vpn.user1 to always get the x.x.x.32 IP and vpn.user1 to always get the x.x.x.33 IP.

Currently, that is not possible unfortunately. Users are given back their old lease IP whenever we can, so it does remain fairly static if your addresspool is big enough. I agree it would be good to work on this as a feature.

If your deployment is very small, instead of one conn, you can have one conn per user and set each with a separate rightsubnet=IPaddress/32.

A fairly simple solution could be to write code for a new option in the /etc/ipsec.secrets file (or a new file) that uses:

@userid :IP 1.2.3.4

But currently, we don't have that.

Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan
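
The one-conn-per-user workaround described in the reply, sketched as an added ipsec.conf fragment (not from the original thread or from the libreswan project). The conn names, the 192.0.2.x addresses, the server certificate nickname and the assumption that each client certificate's subject DN is exactly "CN=<user>" are constructed for illustration.

```conf
# Shared settings, pulled into each per-user conn with also=.
# Assumption: "vpn-server" is the NSS nickname of the gateway certificate.
conn vpn-base
    left=%defaultroute
    leftcert=vpn-server
    leftid=%fromcert
    leftsubnet=0.0.0.0/0
    right=%any
    authby=rsasig
    ikev2=yes

# One conn per user. rightid ties the conn to a single certificate identity,
# and rightsubnet pins that identity to a single /32.
# Assumption: no rightaddresspool is set here, so each client is configured
# to use its /32 as its own tunnel address.
conn vpn-user1
    also=vpn-base
    rightid="CN=vpn.user1"
    rightsubnet=192.0.2.32/32
    auto=add

conn vpn-user2
    also=vpn-base
    rightid="CN=vpn.user2"
    rightsubnet=192.0.2.33/32
    auto=add
```

Because each conn accepts only one identity and one /32, a client presenting the vpn.user2 certificate cannot negotiate the address reserved for vpn.user1, which also makes per-user firewall rules on those addresses meaningful.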
