Feature question: aliases for IPSEC Phase 2 entries



  • Forgive me as this has certainly been asked elsewhere.

    Has there been any recent thought to the ability to use aliases in Phase 2 entries?  This would somewhat put pfSense on par with, say, the ASA, where tunnels can be defined using logical groups of objects (those being hosts or subnets).

    I see that https://redmine.pfsense.org/issues/946 addresses the same question starting 6 years ago.  Just wondering if there's any current movement on this front.  I actually talked one of my coworkers who is more on the developer side of things (though his title is sysadmin, as is mine) into writing this into PHP back in the 2.1.x days but we never took it any further than some lab testing.

    Just curious :)



  • We are having the same issue. We want to have IPSec tunnels to three hosts instead of a complete subnet. For now we create one Phase2 rule per host. It would be great if we could just add one alias for the three hosts.



  • +100500 for this feature.

    This is a very, very useful feature.

    Because here, in Russia, we suffer from our f*ucked up government… and IPsec is one of the fastest solutions to build bridges between countries.

    And this is needed to allow our "whitelisted" traffic to stay in Russia.



  • I agree as well, please add it! I have several customers with this configuration and I really need this feature. I have to manually add more than 20 subnets on each server, pretty annoying although I would have an Alias ready for that.