IKE-VPN via specific ldap-auth

neverbugme

Good mornin'!

I want to implement a vpn for remote-access-purposes (end-to-site) for a bunch of people via ikev2.
The auth could work via Certs AND via LDAP (-> multi-factors).

On top of that I want to assign a separate password (only for vpn!) to everyone, so they don't have to use their "regular" ldap-pw.
Maybe by adding a new hashed-pw field at ldap.

Have you got any clues how to manage it?

Do you think I'll need a radius in between?

Thank you,
kind regards,
alex