I read the paper "Certificate Security Attribute-Based Access Control". If I understand the paper right, now I can implement differentiated vpn access for "departments" or groups of certificate owners, where one attribute (e.g. OU) tells me, that this group gets access or not?
That all depends on, how my pki hierarchy looks like.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...