I am searching for a means to limit access based on the Remote-Peers ID
/ip ipsec remote-peers> print
Flags: R - responder, N - natt-peer
ID STATE
0 RN user1 established
1 RN Project1 established
2 RN Project2 established
The users connect via a Shrew Soft IKE/IPsec connection and the users must have different access to some IP addresses. Is there a way to create an access list or deny list for a user?
You would have to write a script for it, I think.
Unfortunately there is no way to have a trigger script for a new IPsec peer, so it would have to be a scheduled script that regularly checks for new connections.
It would probably be easier to change to a different topology that uses PPP, e.g. L2TP/IPsec.
There the remote sites log in using a PPP user/password and you have a lot more control over access.
(you can create a profile that adds new users to an address list, runs a script, etc)
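As an added example of the scheduled-script approach described in the answer above (this is not code from the thread or from MikroTik): the script polls the established remote peers, looks up each peer's dynamic mode-config policy, and puts the client's assigned inner address into an address list named after the peer ID; firewall rules then grant each list its own destinations. Menu and field names (`remote-peers`, `id`, `remote-address`, `sa-dst-address`, `dst-address`) are as they appear in RouterOS 6.x and should be checked against `print detail` on the router in question; the script name `ipsec-acl`, the 1-minute interval and the project subnets are assumptions.

```routeros
# Script body for "/system script add name=ipsec-acl source=..." (name assumed).
# Each pass refreshes a timeout on the list entries, so a peer that
# disconnects drops out of its list once the timeout lapses.
:local ttl 2m
:foreach p in=[/ip ipsec remote-peers find state="established"] do={
    :local peerId [/ip ipsec remote-peers get $p id]
    :local peerAddr [:tostr [/ip ipsec remote-peers get $p remote-address]]
    # NAT-T peers may show "address:port"; keep only the address part (assumption).
    :local colon [:find $peerAddr ":"]
    :if ([:typeof $colon] != "nil") do={ :set peerAddr [:pick $peerAddr 0 $colon] }
    :local listName ("ipsec-" . $peerId)

    # Mode-config creates one dynamic policy per client: sa-dst-address is the
    # client's public address, dst-address the inner address it was assigned.
    :foreach pol in=[/ip ipsec policy find dynamic=yes sa-dst-address=[:toip $peerAddr]] do={
        :local inner [/ip ipsec policy get $pol dst-address]
        :local existing [/ip firewall address-list find list=$listName address=$inner]
        :if ([:len $existing] = 0) do={
            /ip firewall address-list add list=$listName address=$inner timeout=$ttl \
                comment=("auto: " . $peerId)
        } else={
            /ip firewall address-list set $existing timeout=$ttl
        }
    }
}

# One-off configuration, typed once (not part of the script).
# Project subnets 10.10.1.0/24 and 10.10.2.0/24 are assumed.
/system scheduler add name=ipsec-acl interval=1m on-event=ipsec-acl
/ip firewall filter add chain=forward ipsec-policy=in,ipsec \
    src-address-list=ipsec-Project1 dst-address=10.10.1.0/24 action=accept
/ip firewall filter add chain=forward ipsec-policy=in,ipsec \
    src-address-list=ipsec-Project2 dst-address=10.10.2.0/24 action=accept
/ip firewall filter add chain=forward ipsec-policy=in,ipsec action=drop \
    comment="anything else arriving over IPsec"
```

Two caveats worth knowing before relying on this. The entry timeout must exceed the scheduler interval, and the difference is the window in which a client that has just disconnected (or whose inner address was handed to the next client) is still matched by the old list; shorten the interval if that matters. And the final drop rule must sit after the per-project accepts and after whatever rules the router already has for the decrypted traffic, since `ipsec-policy=in,ipsec` matches every packet that arrived through an IPsec SA.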