[Swan] Assign addresspool based on client certificate (IKEv2)
Paul Wouters
paul at nohats.ca
Thu Apr 23 15:56:03 UTC 2020
On Thu, 23 Apr 2020, None None wrote:
> Just create separate "conn" section for each certificate common names
> i.e.
>
>
> conn ikev2-1st-client
> ...
> rightid="CN=client1"
> rightaddresspool=192.168.43.5-192.168.43.5
>
>
> conn ikev2-2nd-client
> ...
> rightid="CN=client2"
> rightaddresspool=192.168.43.6-192.168.43.6
>
> And client was bind to ip based on they certificate =)
Yes but I would use rightsubnet=192.168.43.5/32 instead of
rightaddresspool.
Paul
More information about the Swan
mailing list