Hi Andreas, works like a charm. Thank you very much!
Dirk --On Wednesday, August 22, 2012 10:22:59 AM +0200 Andreas Steffen <[email protected]> wrote: > Hi Dirk, > > did you have a look at the ipsec pool tool which allows to > pre-assign static IP addresses to users by storing them in > a small SQLite database: > > http://wiki.strongswan.org/projects/strongswan/wiki/IpsecPool > > Interesting for you is a feature which allows ipsec pool > to read file-based list and store the entries in the > database > > ipsec pool --add <name> --addresses <file> [--timeout <timeout>] > > Add a list of pool addresses to the database. > > name: Name of the pool, as used in ipsec.conf rightsourceip=%name > > file: File where newline-separated pool addresses for are read from > > Optionally each address can be pre-assigned to a roadwarrior identity, > e.g. [email protected]. > If a '-' (hyphen) is given instead of a file name, the addresses are > read from STDIN. > Reading addresses stops at the end of file or an empty line. > Pools created with this command can not be resized. > > timeout: Lease time in hours, 0 for static leases > > Best regards > > Andreas > > On 22.08.2012 10:09, Dirk Hartmann wrote: >> Hi, >> >> I played with a config to connect Win7 clients with EAP-MSCHAPv2 >> auth: >> <http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultiple >> Config> >> >> >> works so far, but has the drawback that you can't assign a static >> IPs to a special user. I tried to simply use two connections with: >> >> conn win7eap >> right=%any >> rightauth=eap-mschapv2 >> rightsourceip=10.0.0.3 >> rightsendcert=never >> eap_identity=dhaeap >> >> conn win7auth >> right=%any >> rightauth=eap-mschapv2 >> rightsourceip=10.10.2.3 >> rightsendcert=never >> eap_identity=dhaw7 >> >> But Strongswan always picks the first connection on every client >> connecting via eap-mschapv2. So eap_identity doesn't work the way I >> expected it to. >> >> Aug 22 09:37:36 purgatory01 charon: 09[CFG] candidate "win7eap", >> match: 1/1/5/2 (me/other/ike/version) >> Aug 22 09:37:36 purgatory01 charon: 09[CFG] candidate "win7auth", >> match: 1/1/5/2 (me/other/ike/version) >> Aug 22 09:37:36 purgatory01 charon: 09[CFG] selected peer config >> 'win7eap' >> >> Is there an other way to assign static IPs to Win7 clients >> connecting with eap-mschapv2 or is this only possible using client >> certificates? >> >> The thing is I would like to assign different networks to different >> users depending on their department. >> >> Thanks and Regards >> >> Dirk > ====================================================================== > Andreas Steffen [email protected] > strongSwan - the Linux VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > -- Dirk Hartmann, Heise Zeitschriften Verlag GmbH & Co. KG IT-Systemmanagement, Karl-Wiechert-Allee 10, D-30625 Hannover E-Mail: [email protected] - Tel.: +49 511 5352 494 - FAX: - 479 PGP-Fingerprint 4153 7C95 3259 C39F 49AA 9BAA 6833 A8DC 6D90 050E Don't blame me for the following spam, blame european government: Heise Zeitschriften Verlag GmbH & Co. KG Registergericht: Amtsgericht Hannover HRA 26709 Persönlich haftende Gesellschafterin: Heise Zeitschriften Verlag Geschäftsführung GmbH Registergericht: Amtsgericht Hannover, HRB 60405 Geschäftsführer: Ansgar Heise, Dr. Alfons Schräder _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
