I needed to use a single virtual IP pool per peer config (identity). Clients would connect using the default Windows VPN client, and each connected client should get a virtual IP address from a different pool. Multiple clients can use the same credentials to obtain a virtual IP address from the pool configured with the peer configuration. However, customers using different credentials will get an IP from different virtual pools.
For Windows, identity-based matching (of connections) between peers does not work, so I followed the approach indicated at the link below (see the answer):
Strongswan Customer Access Rights
Although the solution works well, the challenge is that the use of the rightgroups configuration causes an additional password prompt on Windows (using the default VPN client). I think this happens because of the dummy connection switch that occurs due to the right handed with identity=%none (eap-init).
Is there a way to solve the problem of the double password prompt?