[Swan] user access control ?
Paul Wouters
paul at nohats.ca
Fri Apr 20 20:43:36 UTC 2018
On Fri, 20 Apr 2018, Glenn Pierce wrote:
> At the moment users can access a number of private networks. ie
>
> rightsubnets=10.253.175.48/29,10.76.1.128/28,10.179.32.0/24,10.139.0.0/24,10.132.54.0/24,10.76.16.0/24
>
>
> Is there a way to specify networks or ip addresses a particular user
> can access ?
You can do two things:
- in the updown script, add/remote user specific firewall rules
- split the connection based on X.509 properties (eg OU=group1 vs
OU=group2) so they end up on a different conn, which has different
rightsunets.
Paul
More information about the Swan
mailing list