Join GitHub today
Implemented IPsec Mobile client expert tunnel configuration #3298
we have the requirement to assign separate virtual IP pools to different IPsec mobile user groups. I understand that adjusting the WebUI to cater for our specific need is rather complex. I went through comparable requests from other people and realised their requirements are still well different from ours.
So my conclusion was that there are two possible setups
I opened therefore a feature request (#3295 ) to allow for an expert tunnel configuration.
This PR is the result from above feature request.
We had to rearrange some of the code for generation strongswan.conf which is in our opinion backwards compatible.
The only new fixed addition is
So we are awaiting possible feedback and hope to get that expert tunnel config included.
Unfortunately not, no, it's one of the very few leftovers from our legacy base. Although we're not planning on implementing new future issues.
For new components we often try to support template hooks, which allow bootstrapping custom configs, which isn't available for regular users. Maybe we can think of something flexible here as well, if time permits we would like to cleanup some parts in IPsec anyway.
So then: How about just always having a
Would a PR for that be acceptable? It requires anyhow knowledge of the command line and only the knowledgable are creating files manually.
So is a PR acceptable that only adds the includes for all the time or do you want a checkbox to activate that funktionality specifically?
I can imagine users complaining about magically appearing conn's that are configured on the filesystem and then forgotten about...
I would put that checkbox under "Advanced settings"...
Our includes are usually hardcoded:
suricata also includes files in a specific directory as far as I can remember.