Hello all,

While I successfully configured an IPsec-VPN (I use a similar tho modified setup like this: http://riobard.com/blog/2010-04-30-l...-ipsec-ubuntu/ ), I am now stuck on the next steps.

While I can connect to everything I want, I need to configure "access-groups" and/or "users".

The scenario is similar to this:
Lets say Host A, B and C allow SSH-Connections and some weird non-standard UDP-Connection from Host-VPN, and are also accessible on other ports with public IP's (like http).

I now want to limit, that an admin-user has access to all of them, while trainee-admin only can access everything on Host B and C, and CEO only can connect via telnet to Host C - and all users can be roadwarriors

(I made this example up to give you an idea what i'm trying to do - hope it makes sense).

Now my question is, if someone can point me towards a direction, as I'm quite clueless at the current moment as to what to try. I know that commercial IPsec-Implementations can do this, but can OpenSWAN/... give me something similar?

Bummer, I was constantly looking at the wrong ends of it: IPsec, xl2tpd, Windows (just cause), but in the end I didn't fully check one thing: PPP

Modifying the chap-secrets file I can assign a distinct local IP to each user. That of course can be used with IPtables to restrict its access in any way I want.