On 1 June 2017 at 10:57, Stuart Henderson <s...@spacehopper.org> wrote: > > I have an iked VPN box that needs to restrict access to certain > resources by user. For connections using a client cert this can be > done by using PF tags based on the ID from the cert, but this > falls short for EAP. > > This diff adds an $eapid macro that can be used instead. If eapid > isn't set (non-EAP connection) it just skips expanding the macro. > > OK? > > (I'd really like per-user IP address setting, but this gets the > job done in a minimal way.. :)
LGTM, OK mikeb
