[Openswan Users] Identifying different client groups

Richard Hall r.j.hall at rhul.ac.uk
Wed Mar 9 12:05:46 CET 2005

We have two internal networks behind an iptables firewall/vpn, Net1 and 
Net2. I would like to have two classes of users Class1 and Class2.   We 
also have an already established CA.

I would like to be able to give Class1 users access to Net 1 and Class2 
users access to both Net1 and Net2.   Assuming all certificates will be 
within our current CA how can I configure openswan to allow this? 
currently I have just class1 users connecting to Net1 using the 
natecarleson guide but I am unsure as to how I can identify the Class2 
users to have access to Net2 without the Class1 users certificate giving 
them access as well.   Is there some way of generating two branches in 
the certificate tree one branch for each class all under the same root?


More information about the Users mailing list