Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LDAP Rightset

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 360 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      oeawallis
      last edited by

      Hallo together!

      Is there a possibility for:

      Allowing different LDAP-groups to access different VLANs on my pfsense via IPSEC IKv1 ?

      For example:

      LDAP-Group svc-admins can access to the ADMIN vlan, while any other group cannot?  :o

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Not with IPsec or LDAP. There isn't any way for the firewall to determine which user to associate with a given set of rules.

        If you used RADIUS with IPsec, you could allocate each user a static IP address and then use rules/aliases to accomplish the task.

        If you used OpenVPN, you could have each set of users connect to a distinct VPN port with different sets of CA/Cert structures depending on the access level – or you could have everyone connect to the same one but allocate static addresses and filter that way.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.