Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPSec - Mobile Clients - wrong subnet bug?

    IPsec
    2
    4
    784
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      epionier last edited by

      Hello,

      I am using IPSec IKEv2 MSCHAPv2 on pfSense 2.3.1_1 and everything is working fine. I am just wondering about the subnet that is used. In the "mobile clients" section I set "provide a virtual IP to clients" and it set it to 10.21.32.0 in the text field an 24 in the selection. So usually a mobile client should receive an 10.21.32.0/24 IP/subnet.

      When I check Status->IPSec with one client connected it says in the lower "show child entries" that the IP/subnet of the connected client is 10.21.32.1/32

      Why is there a 32 subnet instead of a 24 subnet?

      1 Reply Last reply Reply Quote 0
      • C
        cmb last edited by

        Not a bug, there is no concept of a "subnet" in that context. The /24 means you have 255 IPs to assign. Each client gets a /32.

        1 Reply Last reply Reply Quote 0
        • E
          epionier last edited by

          Ok I understand, so in consequence this assures that all traffic of a IPSec client is routed by pfSense and that there is no "direct" connection between those clients.

          1 Reply Last reply Reply Quote 0
          • C
            cmb last edited by

            Right, there is no connection from client to client. Anything other than a /32 would imply the host could talk to other hosts on that network directly, which isn't possible in any mobile IPsec context.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post