[Openswan Users] Any way to restrict a particular user group to an IP range

Paul Wouters paul at xelerance.com
Mon Jun 22 10:09:59 EDT 2009


On Mon, 22 Jun 2009, Janantha Marasinghe wrote:

> My current setup is Openswan, Xl2tpd. My problem is described below.
> Say for example you have different users belonging to different orgs
> connecting to the same VPN server. Please note that the users will be
> dynamic Road warriors. I'm wondering whether there is a way to give
> certain IP ranges to certain user groups rather than giving IP addresses
> from the same range. Thanks a lot for the support

Yes. in /etc/ppp/chap-secrets you can do things like:

# client	server	secret			IP addresses
paul		*	password		192.168.1.0/24
john		*	password		192.168.1.0/24
marketing	*	password		192.168.2.0/24

You can even hand out specific IP's

Paul


More information about the Users mailing list