[Openswan Users] Identifying different client groups
Andreas Steffen
andreas.steffen at strongsec.net
Wed Mar 9 14:04:46 CET 2005
Hi Rich,
you can use *swan's wildcard capability. For details consult my
HOWTO under the link
http://www.strongswan.org/docs/readme.htm#section_4.6
Regards
Andreas
Richard Hall wrote:
> We have two internal networks behind an iptables firewall/vpn, Net1 and
> Net2. I would like to have two classes of users Class1 and Class2. We
> also have an already established CA.
>
> I would like to be able to give Class1 users access to Net1 and Class2
> users access to both Net1 and Net2. Assuming all certificates will be
> within our current CA, how can I configure openswan to allow this?
> Currently I have just Class1 users connecting to Net1 using the
> natecarleson guide, but I am unsure as to how I can identify the Class2
> users to have access to Net2 without the Class1 users' certificates giving
> them access as well. Is there some way of generating two branches in
> the certificate tree, one branch for each class, all under the same root?
>
> Thanks
> Rich
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
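
An added illustration of the wildcard approach referred to in the reply above, not part of the original messages. It assumes the CA issues Class1 and Class2 certificates with different OU values; every DN, subnet and file name below is a constructed placeholder.

```conf
# ipsec.conf fragment for the gateway (left = gateway, right = roaming client).
# Constructed placeholders: the DNs, the subnets and gatewayCert.pem.
# Assumption: the CA encodes the user class in the OU of each client certificate.

conn %default
    left=%defaultroute
    leftcert=gatewayCert.pem
    leftrsasigkey=%cert
    right=%any
    rightrsasigkey=%cert
    auto=add

# Class1 certificates match only this conn, so they can negotiate Net1 only.
conn class1-net1
    leftsubnet=10.1.0.0/24
    rightid="C=XX, O=Example, OU=Class1, CN=*"

# Class2 certificates match the next two conns and can negotiate Net1 and Net2.
conn class2-net1
    leftsubnet=10.1.0.0/24
    rightid="C=XX, O=Example, OU=Class2, CN=*"

conn class2-net2
    leftsubnet=10.2.0.0/24
    rightid="C=XX, O=Example, OU=Class2, CN=*"
```

The OU is part of the subject DN signed by the CA, so a Class1 certificate cannot present a Class2 identity. The separation holds only while no other conn offers the Net2 subnet to an unrestricted or broader rightid.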