Project

General

Profile

Actions
Copy link

Bug #10532

closed

Mobile PSK users don't have 'mobile-userpool' section

Added by Viktor Gurov over 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Renato Botelho
Category:
IPsec
Target version:
2.5.0
Start date:
05/06/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:

Description

I don't see the 'mobile-userpool' section for PSK users, only for EAP:

# This file is automatically generated. Do not edit
connections {
    bypass {
        remote_addrs = 127.0.0.1
        children {
            bypass {
                local_ts = 192.168.3.0/24,fc00:5555::/64
                remote_ts = 192.168.3.0/24,fc00:5555::/64
                mode = pass
                start_action = trap
            }
        }
    }
    con-mobile : con-mobile-defaults {
        # Stub to load con-mobile-defaults
    }
    con-mobile-userpool-1 : con-mobile-defaults {
        remote {
            id = userfqdn:test1
            eap_id = %any
        }
        pools = mobile-userpool-1
    }
}
...
pools {
    mobile-pool-v4 : mobile-pool {
        addrs = 10.33.33.0/24
    }
    mobile-pool-v6 : mobile-pool {
        addrs = fc00:3434::/64
    }
    mobile-userpool-1 : mobile-pool {
        addrs = 10.11.11.1/32
    }
}
secrets {
    private-0 {
        file = /var/etc/ipsec/private/cert-1.key
    }
    eap-1 {
        secret = 0sMTIz
        id-0 = test1
    }
    ike-2 {
        secret = 0sMTIz
        id-0 = test2
    }
}

I set the 10.12.12.1/32 pool for the user test2 in WebGUI, but can't see it in swanctl.conf

Actions
Copy link

Also available in: Atom PDF