A particular internal IP for a particular user

failedexpectancy failedexpectancy at onet.pl
Sun May 7 10:58:46 PDT 2017


How to set this up? Scenario: A single-IP server running ocserv 0.11.7, with clients' data being NATed into the world. The challenge remains port forwarding, which is not a problem at the server level, but would require a particular user to maintain a particular IP at all times to make this work in the most effective way (so, i.e., port 22222 is always forwarded to 10.250.3.2 for user "test").

I tried setting the user's ipv4-network = 10.250.3.0/30. This sometimes works, but sometimes ocserv for some reason tries to push 10.250.3.0 to the client as the internal address (which is not possible) and then switches to 10.250.3.3, which would be the broadcast address with this CIDR, and that confuses Cisco AC clients.

The handiest way would be to allow setting a specific IP, e.g. user "test" can connect only once (max-same-clients = 1; that's clear) and always gets the internal IP 10.250.3.2. Is this possible with the current implementation?

Thanks!
--
Tomasz


