Separate subnets for road warriors
-
Hi,
I've currently have an IPSec tunnel setup that authenticates against a Windows radius server. I would like to place road warrior users in different subnets depending on the group which they belong to. Is something like this possible in pfSense/Strongswan?
The reason being that I would like to restrict what less trusted road warrior clients can access.
-
That is not possible with mobile IPsec on pfSense. I'm not sure if it's possible in strongSwan itself.
It's very simple with OpenVPN, the RADIUS server can pass back the IP address and even firewall rules in reply attributes.