4. IPSec - Mobile Clients - wrong subnet bug?

IPSec - Mobile Clients - wrong subnet bug?

  • E

    Hello,

    I am using IPSec IKEv2 MSCHAPv2 on pfSense 2.3.1_1 and everything is working fine. I am just wondering about the subnet that is used. In the "mobile clients" section I set "provide a virtual IP to clients" and it set it to 10.21.32.0 in the text field an 24 in the selection. So usually a mobile client should receive an 10.21.32.0/24 IP/subnet.

    When I check Status->IPSec with one client connected it says in the lower "show child entries" that the IP/subnet of the connected client is 10.21.32.1/32

    Why is there a 32 subnet instead of a 24 subnet?

    0
  • C

    Not a bug, there is no concept of a "subnet" in that context. The /24 means you have 255 IPs to assign. Each client gets a /32.

    0
  • E

    Ok I understand, so in consequence this assures that all traffic of a IPSec client is routed by pfSense and that there is no "direct" connection between those clients.

    0
  • C

    Right, there is no connection from client to client. Anything other than a /32 would imply the host could talk to other hosts on that network directly, which isn't possible in any mobile IPsec context.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy