eap-radius: Forward UNITY_SPLIT_INCLUDE or UNITY_LOCAL_LAN attributes
authorTobias Brunner <tobias@strongswan.org>
Fri, 16 Aug 2013 13:25:33 +0000 (15:25 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 11 Oct 2013 13:52:22 +0000 (15:52 +0200)
commit1a809e46f8fd2f0df7cce18451070e6bf79faddc
treed52ac35158fdc3db3e0b485c4376fb8084dd85ea
parent66229619cf428919933aa8c7daf903fb9437cb2c
eap-radius: Forward UNITY_SPLIT_INCLUDE or UNITY_LOCAL_LAN attributes

Depending on the value of the CVPN3000-IPSec-Split-Tunneling-Policy(55)
radius attribute, the subnets in the CVPN3000-IPSec-Split-Tunnel-List(27)
attribute are sent in either a UNITY_SPLIT_INCLUDE (if the value is 1)
or a UNITY_LOCAL_LAN (if the value is 2).

So if the following attributes would be configured for a RADIUS user

  CVPN3000-IPSec-Split-Tunnel-List := "10.0.1.0/255.255.255.0,10.0.2.0/255.255.255.0"
  CVPN3000-IPSec-Split-Tunneling-Policy := 1

A UNITY_SPLIT_INCLUDE configuration payload containing these two subnets
would be sent to the client during the ModeCfg exchange.
src/libcharon/plugins/eap_radius/eap_radius.c