[solved] IPSec mobile clients/roadwarrior: Per user privileges

  • Hello all,

    I configured IPSec as described in the infamous article - IPsec Road Warrior/Mobile Client How-To - which works quite nicely.

    Is there a way to configure per user privileges? As an example, what I would like to achieve is:

    + USER A is allowed to access a single server on the LAN
    + USER B is allowed to access any server on the LAN
    + USER C is allowed to redirect his web traffic only

    Additionally is it possible to assign a specific subnet to a specific user? E.g.:

    + USER A:
    + USER B:
    + USER C:

    Or maybe assign a very specific IP to a specific user? E.g.:

    + USER A:
    + USER B:
    + USER C:

    My feeling and research say it is not possible - IPSec is an all-or-nothing solution - and I'd be better off using OpenVPN for that kind of scenario?


  • Anyone?

  • Rebel Alliance Developer Netgate

    There isn't a way to accommodate that with IPsec. It could easily be done with OpenVPN, however.

  • Thank you for your confirmation!
