[Swan] ikev2, defining IP per client
Paul Wouters
paul at nohats.ca
Thu Nov 23 19:10:45 UTC 2017
On Wed, 22 Nov 2017, Computerisms Corporation wrote:
> I have an existing system where two offices share an internet connection.
> One office has a VPN already set up using ikev2. Now the other office wants
> VPN access, but we need to make sure when the VPN users connect, they can't
> see the other office's stuff.
You can set up two connections with different leftid= on the server, then
configure the clients with a remote id that matches those. Then use
different addresspool ranges for those connections. Then use iptables to
make sure they cannot see each other.
You will need a small patch to support the optional IDr payload
processing that I haven't yet pushed to master. Ping me for that or wait
a few days for it to appear in master.
Paul
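
The layout described in the reply above, written out as a configuration sketch. This is an added example, not taken from the thread or from the Libreswan project. Every ID, certificate nickname and address range in it is an assumed placeholder, and choosing the connection by the ID the client asks for depends on the IDr payload support the reply mentions.

```conf
# /etc/ipsec.conf on the shared gateway (constructed example).
# Assumed: office A LAN 192.168.10.0/24, office B LAN 192.168.20.0/24.

conn office-a
    ikev2=insist
    left=%defaultroute
    # Clients of office A are configured with rightid=@office-a.vpn.example
    leftid=@office-a.vpn.example
    # Hypothetical certificate nickname in the gateway's NSS database
    leftcert=office-a.vpn.example
    leftsendcert=always
    leftsubnet=192.168.10.0/24
    right=%any
    rightid=%fromcert
    rightca=%same
    # Pool used only by office A clients, so the firewall can key on it
    rightaddresspool=10.99.10.10-10.99.10.250
    auto=add

conn office-b
    ikev2=insist
    left=%defaultroute
    # Clients of office B are configured with rightid=@office-b.vpn.example
    leftid=@office-b.vpn.example
    leftcert=office-b.vpn.example
    leftsendcert=always
    leftsubnet=192.168.20.0/24
    right=%any
    rightid=%fromcert
    rightca=%same
    # Separate, non-overlapping pool for office B clients
    rightaddresspool=10.99.20.10-10.99.20.250
    auto=add

# Firewall on the gateway: keep each pool away from the other office's LAN
# and from the other pool. Run as root; ranges match the pools above.
#   iptables -I FORWARD -s 10.99.10.0/24 -d 192.168.20.0/24 -j DROP
#   iptables -I FORWARD -s 10.99.20.0/24 -d 192.168.10.0/24 -j DROP
#   iptables -I FORWARD -s 10.99.10.0/24 -d 10.99.20.0/24 -j DROP
#   iptables -I FORWARD -s 10.99.20.0/24 -d 10.99.10.0/24 -j DROP
```

The leftsubnet= lines already narrow what each tunnel carries; the iptables rules enforce the separation independently of the IPsec policy.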