Netgate Discussion Forum

    [solved] IPSec mobile clients/roadwarrior: Per user privileges

    IPsec
    • yay

      Hello all,

      I configured IPSec as described in the infamous article - IPsec Road Warrior/Mobile Client How-To - which works quite nicely.

      Is there a way to configure per-user privileges? As an example, what I would like to achieve is:

      + USER A is allowed to access a single server on the LAN
      + USER B is allowed to access any server on the LAN
      + USER C is allowed to redirect his web traffic only
      

      Additionally is it possible to assign a specific subnet to a specific user? E.g.:

      + USER A: 192.168.0.0/30
      + USER B: 192.168.1.0/30
      + USER C: 192.168.2.0/30
      

      Or maybe assign a very specific IP to a specific user? E.g.:

      + USER A: 192.168.0.1
      + USER B: 192.168.0.1
      + USER C: 192.168.0.1
      

      My feeling and research say it is not possible - IPSec is an all-or-nothing solution - and I'd be better off using OpenVPN for that kind of scenario?

      Cheers

      • yay

        Anyone?

        • jimp Rebel Alliance Developer Netgate

          There isn't a way to accommodate that with IPsec. It could easily be done with OpenVPN, however.

          • yay

            Thank you for your confirmation!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.