On 21.09.22 13:38, Harald Dunkel wrote:
> Hi folks,
> is there some way to express
>     if peercert->OU == develop
>         pool = pool1
>     else
>         pool = pool2
> in swanctl.conf? Some conditional expressions?
> Hopefully I was not too blind to find it in the Wiki.
> Regards
> Harri
Hi,
I think this kind of conditional config is not possible within
strongswan. I solved that problem with a RADIUS backend that passed
group membership back to the VPN server in the CLASS attribute.
strongswan can use this class attribute as rightgroup in the config.
For details see: https://blog.sys4.de/strongswan-vpn-based-on-groups-en.html
Kind regards,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Registered office: Munich, Munich District Court: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the Supervisory Board: Florian Kirstein
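The group-based selection described in the reply above, sketched as a swanctl.conf fragment; this is an added example, not configuration from the thread or from the linked blog post. It assumes EAP authentication via the eap-radius plugin with Class attributes enabled as group information; the connection names, the gateway identity and the address ranges are constructed placeholders, and the expectation that the first listed connection is tried first should be confirmed in the daemon log.

```conf
# Constructed example. Requires in strongswan.conf:
#   charon.plugins.eap-radius.class_group = yes
connections {
    # Listed first: accepted only if RADIUS returned Class "develop"
    rw-develop {
        pools = pool1
        local {
            auth = pubkey
            id = vpn.example.org        # placeholder gateway identity
        }
        remote {
            auth = eap-radius
            groups = develop            # group constraint from Class
        }
        children {
            net {
                local_ts = 0.0.0.0/0
            }
        }
    }
    # No group constraint: every other authenticated peer ends up here
    rw-default {
        pools = pool2
        local {
            auth = pubkey
            id = vpn.example.org        # placeholder gateway identity
        }
        remote {
            auth = eap-radius
        }
        children {
            net {
                local_ts = 0.0.0.0/0
            }
        }
    }
}
pools {
    pool1 {
        addrs = 10.10.1.0/24            # placeholder range
    }
    pool2 {
        addrs = 10.10.2.0/24            # placeholder range
    }
}
```

Because `rw-default` carries no `groups` line, any peer that authenticates against RADIUS receives a pool2 address; add a group there as well if only known groups should connect.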