IKE-VPN via specific ldap-auth
I want to implement a vpn for remote-access-purposes (end-to-site) for a bunch of people via ikev2.
The auth could work via Certs AND via LDAP (-> multi-factors).
On top of that I want to assign a separate password (only for vpn!) to everyone, so they don't have to use their "regular" ldap-pw.
Maybe by adding a new hashed-pw field at ldap.
Have you got any clues how to manage it?
Do you think I'll need a radius in between?