On Fri, 27 Aug 2021, Валентин Росавицкий wrote:
Is it possible to assign a static IP for users when using psk+xauth?
If a static IP is possible from the client (right) side, that will be fine too.
I use default config like:
conn xauth-psk
    auto=add
    leftsubnet=0.0.0.0/0
    rightaddresspool=10.3.0.50-10.3.0.250
    modecfgdns="8.8.8.8 8.8.4.4"
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    xauthby=file
    fragmentation=yes
    cisco-unity=yes
    also=shared

xauthby
    When IKEv1 XAUTH support is available, set the method used by XAUTH to authenticate the user with IKEv1. The currently supported values are file (the default), pam or alwaysok. The password file is located at /etc/ipsec.d/passwd, and follows a syntax similar to the Apache htpasswd file, except an additional connection name argument (and optional static IP address) are also present:

    username:password:conname:ipaddress

So you can add "special" users with static IP by adding:

    myname:mypass:xauth-psk:10.3.0.49

Be careful not to assign static IPs from the addresspool= defined, or you will get clashes.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
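
The clash described in the reply can be checked before loading the connection. The following Python check is an added example, not part of the original message or of libreswan: it reads lines in the username:password:conname:ipaddress format and reports static addresses that fall inside the rightaddresspool range or are assigned twice. The function names and sample entries (with placeholder password hashes) are constructed for illustration, and only the first-last pool form from the config above is handled.

```python
import ipaddress

def parse_pool(spec):
    """Parse an address pool written as 'first-last' into two address objects."""
    first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
    if first.version != last.version or first > last:
        raise ValueError(f"bad pool range: {spec!r}")
    return first, last

def check_passwd(lines, conn, pool_spec):
    """Return (line_no, user, problem) for static IPs that would clash."""
    first, last = parse_pool(pool_spec)
    seen = {}       # static address -> first user that claimed it
    problems = []
    for n, raw in enumerate(lines, 1):
        # maxsplit=3 keeps any colons inside the address field (IPv6) intact
        fields = raw.strip().split(":", 3)
        if len(fields) < 4 or fields[2] != conn or not fields[3]:
            continue    # no static IP on this line, or a different connection
        user, ip_text = fields[0], fields[3]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            problems.append((n, user, "invalid address"))
            continue
        if ip.version == first.version and first <= ip <= last:
            problems.append((n, user, "inside addresspool"))
        if ip in seen:
            problems.append((n, user, f"duplicate of {seen[ip]}"))
        else:
            seen[ip] = user
    return problems

# Constructed sample entries; the password fields are placeholder hashes.
SAMPLE = """\
alice:$6$constructed$hashA:xauth-psk
myname:$6$constructed$hashB:xauth-psk:10.3.0.49
bob:$6$constructed$hashC:xauth-psk:10.3.0.77
carol:$6$constructed$hashD:xauth-psk:10.3.0.49
dave:$6$constructed$hashE:other-conn:10.3.0.60
""".splitlines()

if __name__ == "__main__":
    for line_no, user, problem in check_passwd(SAMPLE, "xauth-psk", "10.3.0.50-10.3.0.250"):
        print(f"line {line_no}: {user}: {problem}")
```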