Hi, > you can assign different configurations (they are called pools there) > to different client profiles.
With these pools definition you define configuration attributes to assign to the client. You can assign Split-Includes attributes this way, but this is not the way our unity plugin works. > However, at the moment it seems like Unity split tunnel config is a > global setting in strongswan. Only if you assign them via global configuration attributes, for example using the attr plugin. > Is there any specific architecture reason it needs to be this way or is > it just a current limitation? When using the unity plugin, it implicitly creates the required Unity specific configuration attributes from the leftsubnet setting (this is mostly what the unity plugin does as responder). So you can have per-connection specific Split-Tunneling with IKEv1. > I'd like to be able to give a different split config to a user > depending on some criteria (e.g. per-user config or a flag in a radius > database or such like). There is currently no way to define the traffic selectors (leftsubnet) over RADIUS that could by used by the Unity plugin to create the Split-Include attributes. Instead you could try to disable the unity plugin, and manually forward Split-Include attributes that the RADIUS backend offers. Refer to [1] for attributes that get forwarded during RADIUS authentication. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#RADIUS-attribute-forwarding _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
