[Openswan Users] openswan, ldap, and static ip assignment

Cindy Moore ctmoore at cs.ucsd.edu
Tue Aug 26 16:10:07 EDT 2014


Yikes.

So I've gotten openswan up and running and authenticating through our
LDAP server (yay me).

However, we're interested in assigning static IP addresses per user
for security (we export NFS directories around, and prefer not to list
blocks or pools of IP addresses that large numbers of people use :-P).

The only thing resembling this seems to be in chap-secrets, which is
of course not used once one is using ppp (to get at pam
authentication, which on our vpn server is set up for the LDAP
authentication).

Thoughts?  I'm kind of hoping to reuse the LDAP authentication in
setting up a static IP, but if I really have to, I'll double password
our folks.  But I didn't see another way besides chap-secrets.

Help?  Openswan installed on an Ubuntu 12.04 LTS server which
authenticates against an LDAP server (running on a separate 12.04
server, if that matters).  I followed this tutorial
https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.04.html
pretty closely (except our /etc/pam.d/ppp file was already set up for
auth/account/session so I didn't touch it) and got it working to this
point.

I did a search through the archives for keywords like LDAP and static
ip but didn't find anything useful or recent.

Thanks,
--Cindy

