SB> On 06.05.2010 09:43, sftf wrote:
>> SB> Yes, but racoon is a different IKE daemon.
>> First I tried racoon, but then realized that racoon does not allow
>> assigning a specific tunnel IP address to a particular client (identified by
>> certificate, for example) -
>> only some address from a pool via the mode_cfg section. But it supports
>> "split-tunneling".

SB> It would be nice if you would send mail to [email protected]
SB> so everybody can follow our discussion.

SB> Racoon supports authentication through Xauth against ldap and radius.

SB>     network4 address;
SB>     netmask4 address;
SB>         The local IP pool base address and network mask from which
SB>         dynamically allocated IPv4 addresses should be taken. This is
SB>         used if conf_source is set to local or if the RADIUS server
SB>         returned 255.255.255.254. Default is 0.0.0.0/0.0.0.0.

SB> So if authentication against radius works - it should be possible to
SB> assign a specific ip-address to the client. As this man-page entry
SB> states, if radius returns 255.255.255.254 the predefined ip-pool is
SB> used for assignment.

I agree, but on Debian, which I use, racoon is compiled without RADIUS support.
So there are problems here (racoon) and there (strongswan).
Waiting for split-tunneling in strongswan, and then waiting for it to appear in Debian stable.
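The setup discussed in this message, as an added racoon.conf fragment that is not part of the original thread: per-client addresses come from the RADIUS reply, with the local pool from the quoted man-page entry as fallback, plus split tunneling. All addresses and networks are constructed sample values; it assumes a racoon build with RADIUS support (which the Debian package mentioned above lacks) and leaves out the RADIUS server connection settings and the remote/sainfo sections.

```conf
# Added example, not from the original thread. Addresses are constructed.
mode_cfg {
    # Xauth credentials are checked against RADIUS.
    auth_source radius;

    # Tunnel address is taken from the RADIUS reply, so the RADIUS
    # user entry decides which client gets which address.
    conf_source radius;

    # Local pool, used only when the RADIUS server returns
    # 255.255.255.254 (the "server picks an address" value) or when
    # conf_source is set to local.
    network4 10.99.0.1;        # constructed pool base address
    netmask4 255.255.255.0;
    pool_size 50;              # constructed pool size

    # Split tunneling: only this network is routed through the tunnel,
    # all other client traffic keeps using the client's default route.
    split_network include 192.168.10.0/24;   # constructed network
}
```

Keeping the fallback pool in a range separate from the addresses handed out by RADIUS makes it visible in logs and firewall rules which clients received a fixed address and which fell back to dynamic allocation.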
