I have been setting up an ipsec network between different hosts. Those hosts are initializing an ipsec connection via eth0 and then forwarding traffic to another custom vti created using the ansible script (call it vti0).
I would like to create a new connection to enable remote clients to "log in" to this vpn using standard vpn clients on a windows machine using certificates.
Once inside the VPN, those remote clients should be able to see the ipsec nodes whose traffic is forwarded through vti0.
How to achieve this? Is it enough to add a new connection in the ansible inventory file with `auth_method: cert`? What should be put into the `hosts:` attribute of the connection? I have no way to know in advance which IP address the remote clients will connect from, so how do I go about it?
@ueno do you know? The vpn role is a wrapper around libreswan - if you can figure out how to do what you want to do with libreswan, we can figure out how to make the vpn role do the same.
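For reference, this is what the "remote clients with unknown source addresses, authenticated by certificate" case looks like in plain libreswan, as an added example (not part of the original thread, not generated by the vpn role, and not the role's inventory syntax). The remote peer's address is left open with `right=%any`, and identity is taken from the presented certificate rather than from an IP. The certificate nickname `vpn-gateway`, the address pool `192.0.2.100-192.0.2.199` and the `leftsubnet` value are placeholders; the NSS database is assumed to already hold the gateway's certificate, the CA that issued the client certificates (imported with `ipsec import`), and a configured `vti0`.

```ini
# Added example: libreswan roadwarrior connection for certificate-authenticated
# Windows IKEv2 clients whose addresses are not known in advance.
conn roadwarrior-ikev2
    # IKEv2 only; Windows' built-in client speaks IKEv2.
    ikev2=insist
    # Gateway side: listen on the default-route interface (eth0 in the thread).
    left=%defaultroute
    # Gateway identity and certificate come from the NSS database entry
    # nicknamed "vpn-gateway" (placeholder nickname).
    leftid=%fromcert
    leftcert=vpn-gateway
    leftsendcert=always
    # Networks the clients should reach: the subnet routed over vti0
    # (placeholder; replace with the real vti0 network).
    leftsubnet=10.0.0.0/8
    # Client side: any source address, identity taken from the client cert,
    # which must be issued by the same CA as the gateway cert.
    right=%any
    rightid=%fromcert
    rightca=%same
    # Virtual addresses handed to connecting clients (placeholder pool).
    rightaddresspool=192.0.2.100-192.0.2.199
    # Certificate (RSA signature) authentication on both sides.
    authby=rsasig
    # Let clients negotiate a narrower traffic selector than leftsubnet.
    narrowing=yes
    # Cope with NAT and large certificate payloads.
    fragmentation=yes
    # Clean up tunnels of clients that silently disappear.
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    # Responder only: wait for clients to initiate.
    auto=add
```

Two points follow from this for the role question: the connection has one fixed endpoint (the gateway) and one wildcard endpoint (`%any`), so whatever the role's `hosts:` attribute needs for the remote side has to express "any address, identified by certificate" rather than a concrete IP; and traffic from the address pool will only reach the nodes behind `vti0` if the gateway forwards between the IPsec policy and `vti0` and those nodes have a return route for the pool. The `leftsubnet` value is what the clients are told they can reach, so it should match (or be narrower than) what the gateway can actually forward.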