Hi,
I have an EdgeRouter-Pro with four subnets configured.
Now I wanted to configure L2TP/IPsec, so that some Windows clients are able to connect to a subnet. This is working so far, but I see no way to get the users in different subnets depending on which user is logged in. (User auth is via local-users.)
Is there a way to do this? Or what is "best practice" for connecting clients via VPN?
Do you usually set up an extra subnet for VPN clients?
Regards
vpn_config:
vpn {
    ipsec {
        auto-firewall-nat-exclude disable
        ipsec-interfaces {
            interface eth7
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username user1 {
                        password WHY_IS_THIS_PASSWORD_CLEAR_VISIBLE?
                    }
                    username user2 {
                        password WHY_IS_THIS_PASSWORD_CLEAR_VISIBLE?
                    }
                }
                mode local
            }
            client-ip-pool {
                start 192.168.0.20
                stop 192.168.0.39
            }
            dhcp-interface eth7
            dns-servers {
                server-1 8.8.8.8
                server-2 192.168.0.1
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret WHY_IS_THIS_PASSWORD_CLEAR_VISIBLE?
                }
                ike-lifetime 3600
            }
            mtu 1492
        }
    }
}