[solved] IPSec mobile clients/roadwarrior: Per user privileges



  • Hello all,

    I configured IPSec as described in the infamous article - IPsec Road Warrior/Mobile Client How-To - which works quite nicely.

    Is there a way to configure per user privileges? As an example, what I would like to achieve is:

    + USER A is allowed to access a single server on the LAN
    + USER B is allowed to access any server on the LAN
    + USER C is allowed to redirect his web traffic only
    

    Additionally is it possible to assign a specific subnet to a specific user? E.g.:

    + USER A: 192.168.0.0/30
    + USER B: 192.168.1.0/30
    + USER C: 192.168.2.0/30
    

    Or maybe assign a very specific IP to a specific user? E.g.:

    + USER A: 192.168.0.1
    + USER B: 192.168.0.1
    + USER C: 192.168.0.1
    

    My feeling and research say it is not possible - IPSec is a get all or nothing solution - and I'd be better using OpenVPN for that kind of scenario?

    Cheers



  • Anyone?


  • Rebel Alliance Developer Netgate

    There isn't a way to accommodate that with IPsec. It could easily be done with OpenVPN, however.



  • Thank you for your confirmation!

