I have a pool of addresses (172.16.0.0/24) configured on my NAS (Cisco 2921 router) for my IPsec clients.
I have various subnet mask length subnetworks used for different user groups. For example I have 172.16.0.64/27 for one department, 172.16.0.96/28 for another department and so on. I use Framed-IP-Address
attribute in user configuration, ex:
vpnclient01 ClearText-Password := "cisco"
Service-Type = Outbound-User,
Framed-IP-Address = 172.16.0.68,
Framed-IP-Netmask = 255.255.255.255,
Cisco-AVPair += "ipsec:inacl=IPSEC_ACL_FOR_SPECIFIC_DEPT",
<other Cisco-AVPair params.>
I have to manually track if the IP address is not in use (I have even written a script for that), manually assign an IP address for each new user. Now that's quite a pain in the butt.
My question is, can I somehow manage the IP address pools on the RADIUS server itself instead of Cisco router, for example using some web management tool like DaloRADIUS
(or manually configuring) so that I could just assign the pool of addresses to all users and the radius server would figure out the dynamic allocation itself for each group?
If you need more specific information, please comment. Thank you!
PS. Yes, I do use MySQL backend.