Netgate Discussion Forum

    Restrictions on IPSEC clients

      cliffstevens

      I am very new to pfSense and not a networking engineer, but I'm trying to figure out how to place time restrictions on IPSEC clients. Please note I am not using pfSense as my router/firewall. I have a different hardware router/firewall. Instead, I set up pfSense in a VM, and managed to get an IPSEC VPN server running, and connect an iPhone. I'm trying to route all iPhone internet traffic through the pfSense IPSEC VPN, and then turn that internet connection off at certain times of day. The iPhone will have always on VPN, configured using Apple's management software. The pfSense VM that I set up currently only has a WAN port; basically it's a client on my local network and is using that WAN port to access the internet. I've got port forwarding set up to deliver the IPSEC traffic to the VM. Thanks for any help. I can't seem to find an online guide for this.

      FYI, the reason I'm using IPSEC (and a pfSense VM) is that the iPhone must use that for always on VPN. My actual router/firewall only has openvpn and wireguard, no IPSEC.

        SteveITS Galactic Empire @cliffstevens

        @cliffstevens Since you have IPSec I would think you should be able to set up rules with a schedule, to allow traffic at certain times.

        https://docs.netgate.com/pfsense/en/latest/vpn/firewall-rules.html#ipsec
        https://docs.netgate.com/pfsense/en/latest/firewall/time-based-rules.html

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          cliffstevens @SteveITS

          @steveits said in Restrictions on IPSEC clients:

          https://docs.netgate.com/pfsense/en/latest/firewall/time-based-rules.html

          Thanks, I did try to create some scheduled firewall rules, but they don't seem to have any effect once an IPSEC connection is established. When blocking traffic, they stop the VPN connection from happening. But if the connection is already established, then the iPhone is still able to browse the internet through the VPN.

          I think this needs to be set up a specific way with firewall rules, but I don't know how to do that. It could also be that having pfSense in a VM makes a difference to how this is done.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.