[solved] IPSec mobile clients/roadwarrior: Per user privileges
I configured IPSec as described in the infamous article - IPsec Road Warrior/Mobile Client How-To - which works quite nice.
Is there a way to configure per user privileges? As for an example what I would like to achieve is
+ USER A is allowed to acces a single server on the LAN + USER B is allowed to access any server on the LAN + USER C is allowed to to redirect his web traffic only
Additionally is it possible to assign a specific subnet to a specific user? E.g.:
+ USER A: 192.168.0.0/30 + USER B: 192.168.1.0/30 + USER C: 192.168.2.0/30
Or maybe assign a very specific IP to a specific user? E.g.:
+ USER A: 192.168.0.1 + USER B: 192.168.0.1 + USER C: 192.168.0.1
My feeling and research says it is not possible - IPSec is a get all or nothing solution - and I'd be better using OpenVPN for that kind of scenarios?
jimp Rebel Alliance Developer Netgate
There isn't a way to accommodate that with IPsec. It could easily be done with OpenVPN, however.
Thank you for your confirmation!