Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Road Warriors with different ruleset

    IPsec
    2
    2
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sinac
      last edited by

      Hi all!

      Lets say I have two mobile clients connecting to my pfSense from dynamic IP addresses, RW1 and RW2. They both have different identifier and PSK pairs. Also, they obviosly have different IP Adresses used by the mobile clients. Now if I want these Clients to only have restricted access to the systems they need, lets say RW1 is to have access to SERVER-A and RW2 to SERVER-B, I create the firewall rules to only allow the RW1 IP Adress to connect to SERVER-A and accordingly similar rules for RW2.

      But if RW2 edits his mobile client connection to simply use RW1'1 IP Adresse, he can authentiticte with his know identifier / PSK pair, but gain access to SERVER-B.

      Any solution for this?

      Best regards,
      Sinac

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Not easily with IPsec. With OpenVPN you can use CSC entries to force people onto specific IPs, and on pfSense 2.0 you can also force them to use username/password, and also check that the username matches the certificate name.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.