@keyser To expand on that:
In my opinion pfSense could very quickly become a VERY VERY large IPSEC mobile VPN market share owner, if:
1: its engine was adapted to allow for per-user/group firewall rules - either completely, which is unlikely and VERY complicated, or simply by having multiple virtual pools to assign different clients to (each pool has its own firewall rules).
2: An add-on bonus would be multiple instances of the IPSEC engine in pfSense - each one on its own unique interface IP.
The sad part is - neither of those two is very complicated to support. strongSwan already has full support for multiple IP pools referenced by name (from, say, RADIUS or preshared config), but there is just no drive towards it because everybody thinks: ahh, well, I’ll go with OpenVPN then….
The added bonus for enterprises if they could just use the built-in VPN client is…. HUGE! Two PowerShell commands or a simple group policy and you have all the features you need - including raising the VPN automatically and/or before logon.