I had a requirement to use unique virtual IP pool per peer config (identity). The clients would connect using Windows default VPN client and each client when connected should get the virtual IP address from a different pool. Multiple clients can use the same credentials, so they will get virtual IP address from the pool configured with the peer config. But clients using different credentials will get IP from different virtual pools.
For windows, matching peer config (connection) based on identity doesn't work, so I followed the approach given at the below link (refer answer)
Strongswan clients access rights
Though the solution works fine, but the challenge is that using rightgroups configuration results in an extra password prompt on Windows (using default VPN client). I think it happens because of the dummy connection switch that happens due to the rightgrougs with identity=%any (eap-init).
Is there a way to solve the dual password prompt issue?
