[Swan-dev] xauth user defined ip pools with file based authentification

Wolfgang Nothdurft wolfgang at linogate.de
Mon Apr 28 23:12:34 EEST 2014

Am 28.04.2014 18:22, schrieb Paul Wouters:
> On Mon, 28 Apr 2014, Wolfgang Nothdurft wrote:
>> for one of our customers we need user defined pools with xauth.
>> Because we don't want to use pam or radius for xauth, I have extended
>> the configuration with file based authentication.
>> You can optional add an ip address or ip pool at the end of each
>> passwd entry. (see patch attached)
>> user:password:connection[:ip or from-to ip range]
>> I don't know if this scenario is wanted by others.
> You could just use the native address pool:
>      rightaddresspool=
> This has additonal benefits like remembering the ID of the remote and
> attempting to re-issue the same IP so if a phone switches from wifi to
> 3G it will get the same IP address and hopefully the existing
> connections won't break.
> Paul
> (but use the git version of that code as we made some changes in the
>   last few days)

No, unfortunately I can't use rightaddresspool in the connection.

The customer has vpn ip phones which will be configured by a template 
and setting different remoteids seems sadly not possible or to complicated.

So all phones connects with the same remoteid, but different usernames 
to the same wildcard connection.
And with the patch they can configure pools or ip addresses for each phone.

The second "workaround" I've made for this scenario, is that pluto 
internal extend the remoteid with the xauth username to make it possible 
that the phones can get different ip addresses even though the original 
remote id is the same. ;)

And while I wrote this I notice that the patch is really very special.

The only scenario beside our special one I can think off would be that 
users gets every time the same ip regardless which client/connection 
they use.


More information about the Swan-dev mailing list