Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Separate subnets for road warriors

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 657 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kacper
      last edited by

      Hi,

      I've currently have an IPSec tunnel setup that authenticates against a Windows radius server. I would like to place road warrior users in different subnets depending on the group which they belong to. Is something like this possible in pfSense/Strongswan?

      The reason being that I would like to restrict what less trusted road warrior clients can access.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That is not possible with mobile IPsec on pfSense. I'm not sure if it's possible in strongSwan itself.

        It's very simple with OpenVPN, the RADIUS server can pass back the IP address and even firewall rules in reply attributes.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.