Hi Houman, > Do you think that is possible to do via FreeRadius?
See [1]. > Just to be > clear there is always a 1:1 relationship between IKE_SA and a user at a > time, correct? Probably, that is, if you don't allow multiple IKE_SAs per user identity. > If I end an IKE_SA, I won't be kicking several users by > mistake? Not if you do so by unique ID (by name wouldn't be a good idea because all IKE_SAs by roadwarriors will share the name of the connection). > So in other words what > I'm trying to achieve is possible with Vici right? Yes. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Session-Timeout-and-Dynamic-Authorization-Extension