On 06.05.2010 09:43, sftf wrote:
> SB> Yes, but racoon is a different IKE daemon.
> First I tried racoon, but then realized that racoon does not allow
> assigning a specific tunnel IP address to a particular client (identified by
> certificate, for example) -
> only some address from a pool via the mode_cfg section. But it supports
> "split-tunneling".

It would be nice if you would send mail to [email protected] so everybody can follow our discussion.

Racoon supports authentication through Xauth against ldap and radius.

    network4 address;
    netmask4 address;
        The local IP pool base address and network mask from which
        dynamically allocated IPv4 addresses should be taken. This is
        used if conf_source is set to local or if the RADIUS server
        returned 255.255.255.254. Default is 0.0.0.0/0.0.0.0.

So if authentication against radius works, it should be possible to assign a specific IP address to the client. As this man page entry states, if radius returns 255.255.255.254 the predefined IP pool is used for assignment.

Honestly, I never played with radius in combination with racoon as this is some pain in the ass right now. (Some little tweaks need to be made to get radius working.)

Stefan

--
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
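
The setup discussed in the message above, as an added configuration sketch that is not part of the original mail and was not posted by either participant. It assumes a racoon build with RADIUS support and a FreeRADIUS server; the user names, passwords and 10.99.0.0/24 addresses are constructed, and the address is keyed on the Xauth login, not on the certificate.

```conf
# --- racoon.conf on the gateway, mode_cfg section only ---
# Assumption: the RADIUS server address and shared secret are configured
# separately (not shown). All addresses below are constructed examples.
mode_cfg {
	auth_source radius;      # Xauth logins are checked against RADIUS
	conf_source radius;      # the client's tunnel address comes from the RADIUS reply

	# Local pool. With conf_source radius it is only used when the
	# RADIUS reply carries 255.255.255.254 as the client address.
	network4 10.99.0.100;
	netmask4 255.255.255.0;
	pool_size 50;
}

# --- FreeRADIUS "users" file (assumed RADIUS server) ---
# Fixed tunnel address for one Xauth user (constructed entry)
alice	Cleartext-Password := "CHANGE-ME"
	Framed-IP-Address = 10.99.0.10,
	Framed-IP-Netmask = 255.255.255.0

# This user gets an address from racoon's local pool instead:
# 255.255.255.254 tells the gateway to pick the address itself
bob	Cleartext-Password := "CHANGE-ME"
	Framed-IP-Address = 255.255.255.254
```

Keep the fixed addresses outside the range covered by network4 and pool_size so a pool client can never be handed an address that is reserved for a named user.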
