trijetscud / vyos-agile-vpn Goto Github PK

hello
the vpn work perfektly with ecdsa key
but the vpn ip is not static (with l2tp, it's possible but i have other big problem)
is there a solution to implement a static ip per certificate or other solution ?
it's for use in squid/squidguard fot best filtering ;)

edit :
i have search a lot :
it's possible to associate a certtificate client with an ip
like l2tp associate a name with an ip, , it's possible to add in the gui an optionnal association with the client certificate and an ip ?

https://www.strongswan.org/uml/testresults/ikev1/config-payload-push/moon.ipsec.conf

sorry for my bad english ;)

Thank you very much in advance

Hi,

First of all thank you for the great job you did with this package. It saved me hours of manual configuration to add IKEv2 remote access to my EdgeRouter Lite.

I'm however facing a small annoying issue: On my local network I have several VLANs, one of them being a management VLAN that is isolated from the others (I'm using zone policies on the router to achieve that). It appears that users connected through the remote access have access to everything, including this isolated VLAN.

After investigating a bit, I saw that when "leftfirewall=yes" is set, strongswan prepends rules to the FORWARD chain, thus bypassing all the other rules. I'm not sure it can be easily changed without modifying the strongswan scripts.

So what I would like, is to be able to create my firewall rules manually and then have an option to set leftfirewall to no. Do you think you could add this in a future release ?

Thank you.

I noticed the is a GitHub release that adds the necessary OSX/iOS server id key, but no debian release. Could you upload the .deb to the release, and/or provide the recommend build instructions to generate it from source?