[Openswan Users] Identifying different client groups

Andreas Steffen andreas.steffen at strongsec.net
Wed Mar 9 14:04:46 CET 2005

Hi Rich,

you can use *swan's wildcard capability. For details consult my
HOWTO under the link




Richard Hall wrote:
> We have two internal networks behind an iptables firewall/vpn, Net1 and 
> Net2. I would like to have two classes of users Class1 and Class2.   We 
> also have an already established CA.
> I would like to be able to give Class1 users access to Net 1 and Class2 
> users access to both Net1 and Net2.   Assuming all certificates will be 
> within our current CA how can I configure openswan to allow this? 
> Currently I have just Class1 users connecting to Net1 using the 
> natecarleson guide but I am unsure as to how I can identify the Class2 
> users to have access to Net2 without the Class1 users' certificate giving 
> them access as well.   Is there some way of generating two branches in 
> the certificate tree one branch for each class all under the same root?
> Thanks
> Rich

Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
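
The wildcard approach mentioned in the reply, sketched as an ipsec.conf fragment. This is an added example, not part of the original message or of the HOWTO it refers to; it assumes the CA puts the user class in the OU field of each certificate's subject, and the DN values, subnets, connection names and certificate file name are constructed placeholders.

```conf
# ipsec.conf fragment (added example; all values below are constructed)

# Shared settings. No auto= here, so this section is never loaded on its
# own as an unrestricted right=%any connection.
conn roadwarrior-base
    left=%defaultroute
    # gateway certificate issued by the existing CA
    leftcert=gatewayCert.pem
    # clients connect from arbitrary addresses
    right=%any
    # authenticate the peer by its certificate
    rightrsasigkey=%cert

# Class1: subject DN must carry OU=Class1; the wildcard accepts any CN.
conn class1-net1
    also=roadwarrior-base
    # Net1
    leftsubnet=10.1.0.0/24
    rightid="C=XX, O=Example Org, OU=Class1, CN=*"
    auto=add

# Class2: same wildcard on OU=Class2, one connection per reachable network.
conn class2-net1
    also=roadwarrior-base
    # Net1
    leftsubnet=10.1.0.0/24
    rightid="C=XX, O=Example Org, OU=Class2, CN=*"
    auto=add

conn class2-net2
    also=roadwarrior-base
    # Net2
    leftsubnet=10.2.0.0/24
    rightid="C=XX, O=Example Org, OU=Class2, CN=*"
    auto=add
```

Because every certificate chains to the same root, the OU value is the only thing separating the two classes here, so the CA must issue OU=Class2 certificates only to Class2 users. There is deliberately no connection pairing OU=Class1 with Net2.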
