4. IPSec - Mobile Clients - wrong subnet bug?

IPSec - Mobile Clients - wrong subnet bug?

  • E

    Hello,

    I am using IPSec IKEv2 MSCHAPv2 on pfSense 2.3.1_1 and everything is working fine. I am just wondering about the subnet that is used. In the "mobile clients" section I set "provide a virtual IP to clients" and it set it to 10.21.32.0 in the text field an 24 in the selection. So usually a mobile client should receive an 10.21.32.0/24 IP/subnet.

    When I check Status->IPSec with one client connected it says in the lower "show child entries" that the IP/subnet of the connected client is 10.21.32.1/32

    Why is there a 32 subnet instead of a 24 subnet?

    0
  • C

    Not a bug, there is no concept of a "subnet" in that context. The /24 means you have 255 IPs to assign. Each client gets a /32.

    0
  • E

    Ok I understand, so in consequence this assures that all traffic of a IPSec client is routed by pfSense and that there is no "direct" connection between those clients.

    0
  • C

    Right, there is no connection from client to client. Anything other than a /32 would imply the host could talk to other hosts on that network directly, which isn't possible in any mobile IPsec context.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy