[Swan-dev] xauth user defined ip pools with file based authentification

Paul Wouters paul at nohats.ca
Mon Apr 28 19:22:53 EEST 2014

On Mon, 28 Apr 2014, Wolfgang Nothdurft wrote:

> for one of our customers we need user defined pools with xauth.
> Because we don't want to use pam or radius for xauth, I have extended the 
> configuration with file based authentication.
> You can optional add an ip address or ip pool at the end of each passwd 
> entry. (see patch attached)
> user:password:connection[:ip or from-to ip range]
> I don't know if this scenario is wanted by others.

You could just use the native address pool:


This has additonal benefits like remembering the ID of the remote and
attempting to re-issue the same IP so if a phone switches from wifi to
3G it will get the same IP address and hopefully the existing
connections won't break.

(but use the git version of that code as we made some changes in the
  last few days)

More information about the Swan-dev mailing list