IPsec - tunnel restrictions and users
Hello all,
While I successfully configured an IPsec VPN (I use a similar though modified setup like this: http://riobard.com/blog/2010-04-30-l...-ipsec-ubuntu/ ), I am now stuck on the next steps. While I can connect to everything I want, I need to configure "access-groups" and/or "users".

The scenario is similar to this: Let's say Host A, B and C allow SSH connections and some weird non-standard UDP connection from Host-VPN, and are also accessible on other ports with public IPs (like http). I now want to restrict things so that an admin user has access to all of them, while trainee-admin can only access everything on Host B and C, and CEO can only connect via telnet to Host C - and all users can be roadwarriors (I made this example up to give you an idea of what I'm trying to do - hope it makes sense).

Now my question is whether someone can point me in a direction, as I'm quite clueless at the moment as to what to try. I know that commercial IPsec implementations can do this, but can OpenSWAN/... give me something similar?
Bummer, I was constantly looking at the wrong ends of it: IPsec, xl2tpd, Windows (just 'cause), but in the end I didn't fully check one thing: PPP

By modifying the chap-secrets file I can assign a distinct local IP to each user. That of course can be used with iptables to restrict its access in any way I want.
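The approach from the reply above, as an added example that is not part of the original posts: each user is pinned to one tunnel address in the fourth column of chap-secrets, and a policy table is turned into iptables rules keyed on that source address. The user names follow the scenario in the question; the secrets, all addresses and the `VPN_ACL` chain name are constructed assumptions.

```shell
#!/bin/sh
# Added example. Users, secrets, addresses and the VPN_ACL chain name are constructed.

# /etc/ppp/chap-secrets columns: client  server  secret  IP address
# A single address in column 4 pins that user to one tunnel IP.
CHAP_SECRETS='
admin    *  "CHANGE-ME-1"  10.10.10.2
trainee  *  "CHANGE-ME-2"  10.10.10.3
ceo      *  "CHANGE-ME-3"  10.10.10.4
'

# Policy: user  destination  proto  port   ("any" = unrestricted)
# Assumed addresses: Host A = 192.0.2.11, Host B = 192.0.2.12, Host C = 192.0.2.13
POLICY='
admin    192.0.2.11  any  any
admin    192.0.2.12  any  any
admin    192.0.2.13  any  any
trainee  192.0.2.12  any  any
trainee  192.0.2.13  any  any
ceo      192.0.2.13  tcp  23
'

# Print the tunnel address pinned to user $1 in chap-secrets.
user_ip() {
  printf '%s\n' "$CHAP_SECRETS" | awk -v u="$1" '$1 == u { print $4; exit }'
}

# Print (not run) the iptables commands for the gateway's FORWARD path.
gen_rules() {
  echo "iptables -N VPN_ACL"
  echo "iptables -A FORWARD -i ppp+ -j VPN_ACL"   # all PPP tunnel interfaces
  while read -r user dst proto port; do
    if [ -z "$user" ]; then continue; fi
    src=$(user_ip "$user")
    if [ -z "$src" ]; then echo "no pinned address for $user" >&2; return 1; fi
    rule="iptables -A VPN_ACL -s $src -d $dst"
    if [ "$proto" != any ]; then rule="$rule -p $proto"; fi
    if [ "$port" != any ]; then rule="$rule --dport $port"; fi
    echo "$rule -j ACCEPT"
  done <<EOF
$POLICY
EOF
  echo "iptables -A VPN_ACL -j DROP"   # anything not listed is refused
}

gen_rules   # review the output, then pipe it to sh as root on the VPN gateway
```

The per-user separation is only as strong as the address pinning: every account needs its own secret and a single fixed address, since an account left with `*` in the fourth column is not tied to any one source address.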