#
# file: ipassignment.conf
#
# This file is used to implement the IP-per-user feature. It allows the
# administrator to assign specific addresses to specific users or specific
# ranges to specific groups when they connect using Office Mode or L2TP.
#
# The format of this file is simple: Each line specifies the target
# gateway, the IP address (or addresses) we wish to assign and the user
# (or group) name as in the following examples:
#
# Gateway        Type   IP Address                                 User Name
# =============  =====  ========================================   =========================================
# Paris-GW,             10.5.5.8,                                  Jean
# Brasilia,      addr   10.6.5.8, wins=(192.168.3.2,192.168.3.3)   Joao # comments are allowed
# Miami,         addr   10.7.5.8, dns=(192.168.3.7,192.168.3.8)    CN=John,OU=users,O=cpmgmt.acme.com.gibeuu
# Miami          range  100.107.105.110-100.107.105.119/24         Finance
# Miami          net    10.7.5.32/28 suffix=(acct.acme.com)        Accounting
#
# Note that real records do not begin with a pound-sign (#), and the commas
# are optional. Invalid lines are treated as comments. Also, the
# user name may be followed by a pound-sign and a comment.
#
# The first item is the gateway name. This could be a name, an IP
# address or an asterisk (*) to signify all gateways. A gateway will
# only honor lines that refer to it.
#
# The second item is a descriptor. It can be 'addr', 'range' or 'net'.
# 'addr' specifies one IP for one user. This prefix is optional.
# 'range' and 'net' specify a range of addresses. These prefixes are
# required.
#
# The third item is the IP address or addresses. In the case of a single
# address, it is specified in standard dotted decimal format.
# Ranges can be specified either by the first and last IP address, or using
# a net specification. In either case you need to also specify the subnet
# mask length ('/24' means 255.255.255.0). With a range, this is the subnet
# mask. With a net it is both the subnet mask and it also determines the
# addresses in the range.
#
# After the third item come any of three keyword parameters. These are
# specifications for WINS (or NBNS) servers, for DNS servers and a DNS
# suffix. The parameters themselves are in the format 'keyword=(params)'
# where the params can be one address (such as "192.168.3.2"), several
# IP addresses (such as "192.168.3.2,192.168.3.3") or a string (only
# for the DNS suffix). The relevant keywords are "dns", "wins" and
# "suffix" and they are not case-sensitive.
# Inside the keyword parameters there must be no spaces or any other
# extra characters. These will cause the entire line to be ignored.
#
# The last item is the user name. This can be a common name if the
# user authenticates with some username/password method (like hybrid
# or MD5-Challenge) or a DN if the user authenticates with a
# certificate.
#
firewall-object, addr 192.168.1.254, dns=(192.168.2.2,192.168.2.3) wins=(192.168.2.2,192.168.2.3) CN=user1,OU=users,O=firewall-manager..5e2qan
firewall-object, range 192.168.1.1-192.168.1.253/24, dns=(192.168.2.2,192.168.2.3) wins=(192.168.2.2,192.168.2.3) Some-Usergroup
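#
# Added example (not part of the original file and not the vendor's code): because
# invalid lines are treated as comments, a typo silently drops an assignment, so this
# Python check lists the records that would be ignored under the rules described above.
# The function names and sample are constructed here, and the parsing rules are this
# example's reading of the comments, not the gateway's actual parser.

```python
import ipaddress
import re

# keyword=(params): case-insensitive keyword, no spaces inside the parentheses
KW = re.compile(r"^(dns|wins|suffix)=\(([^()\s]+)\)$", re.IGNORECASE)

def parse_record(line):
    """Return a dict for a well-formed record, None for a comment or invalid line."""
    toks = [t.rstrip(",") for t in line.split("#", 1)[0].split()]  # commas optional
    if len(toks) < 3:
        return None
    gateway, *rest = toks
    kind = rest.pop(0).lower() if rest[0].lower() in ("addr", "range", "net") else "addr"
    spec, params = rest.pop(0), {}
    try:
        if kind == "addr":
            ipaddress.IPv4Address(spec)
        else:
            span, masklen = spec.split("/")            # mask length is required
            ends = [ipaddress.IPv4Address(a) for a in span.split("-")]
            want = 2 if kind == "range" else 1
            if len(ends) != want or ends[0] > ends[-1] or not 0 <= int(masklen) <= 32:
                raise ValueError(spec)
        while rest and rest[0].lower().startswith(("dns=", "wins=", "suffix=")):
            m = KW.match(rest.pop(0))
            if m is None:
                raise ValueError("malformed keyword parameter")
            key, vals = m.group(1).lower(), m.group(2).split(",")
            for v in ([] if key == "suffix" else vals):
                ipaddress.IPv4Address(v)               # dns/wins take IP addresses
            params[key] = vals
        if not rest or any(c in t for t in rest for c in "()"):
            raise ValueError("missing user name or stray parenthesis")
    except ValueError:
        return None
    return dict(gateway=gateway, type=kind, ip=spec, params=params, user=" ".join(rest))

def ignored_lines(text):
    """Line numbers of non-blank, non-comment lines that fail to parse."""
    return [n for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#") and parse_record(l) is None]

SAMPLE = """\
# constructed sample, addresses reused from the file's own examples
Brasilia, addr 10.6.5.8, wins=(192.168.3.2,192.168.3.3) Joao # comments are allowed
Miami net 10.7.5.32/28 suffix=(acct.acme.com) Accounting
Miami, addr 10.7.5.9, dns=(192.168.3.7, 192.168.3.8) Maria
Miami range 10.7.5.40-10.7.5.50 Sales
"""
```

# ignored_lines(SAMPLE) reports lines 4 and 5: a space inside dns=(...) and a range
# without a mask length.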