Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPSec - Mobile Clients - wrong subnet bug?

    IPsec
    2
    4
    775
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      epionier last edited by

      Hello,

      I am using IPSec IKEv2 MSCHAPv2 on pfSense 2.3.1_1 and everything is working fine. I am just wondering about the subnet that is used. In the "mobile clients" section I set "provide a virtual IP to clients" and it set it to 10.21.32.0 in the text field an 24 in the selection. So usually a mobile client should receive an 10.21.32.0/24 IP/subnet.

      When I check Status->IPSec with one client connected it says in the lower "show child entries" that the IP/subnet of the connected client is 10.21.32.1/32

      Why is there a 32 subnet instead of a 24 subnet?

      1 Reply Last reply Reply Quote 0
      • C
        cmb last edited by

        Not a bug, there is no concept of a "subnet" in that context. The /24 means you have 255 IPs to assign. Each client gets a /32.

        1 Reply Last reply Reply Quote 0
        • E
          epionier last edited by

          Ok I understand, so in consequence this assures that all traffic of a IPSec client is routed by pfSense and that there is no "direct" connection between those clients.

          1 Reply Last reply Reply Quote 0
          • C
            cmb last edited by

            Right, there is no connection from client to client. Anything other than a /32 would imply the host could talk to other hosts on that network directly, which isn't possible in any mobile IPsec context.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy