oeawallis last edited by
Is there a possibility for:
Allowing different LDAP groups to access different VLANs on my pfSense via IPsec IKEv1?
LDAP group svc-admins can access the ADMIN VLAN, while any other group cannot?
Not with IPsec or LDAP. There isn’t any way for the firewall to determine which user to associate with a given set of rules.
If you used RADIUS with IPsec, you could allocate each user a static IP address and then use rules/aliases to accomplish the task.
If you used OpenVPN, you could have each set of users connect to a distinct VPN port with different sets of CA/Cert structures depending on the access level – or you could have everyone connect to the same one but allocate static addresses and filter that way.
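The RADIUS workaround in the reply above, worked through as an added example that is not code from this thread, from pfSense or from FreeRADIUS: each LDAP group gets its own address pool, RADIUS hands every user a fixed Framed-IP-Address from their group's pool, pfSense aliases cover the pools, and firewall rules key on the alias. The script also checks the failure mode the scheme is exposed to, a user whose address ends up in another group's pool and so inherits that group's access. The pools (10.99.1.0/24, 10.99.2.0/24), the ADMIN VLAN subnet (10.10.10.0/24), the user and group names and the alias names are all constructed assumptions.

```python
"""
Per-group VPN address pools as a stand-in for group-based access control.

pfSense cannot tie IPsec firewall rules to an LDAP group, but it can tie
them to a source address. So: RADIUS returns a fixed Framed-IP-Address per
user, drawn from a pool owned by that user's group, and firewall rules are
written against an alias holding the pool. Added example; every pool,
subnet, user name, group name and alias name below is an assumption.
"""
import ipaddress
from dataclasses import dataclass

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

# Constructed policy: one pool per LDAP group, so one CIDR alias covers the group.
GROUP_POOLS: dict[str, Net] = {
    "svc-admins": ipaddress.ip_network("10.99.1.0/24"),
    "svc-users": ipaddress.ip_network("10.99.2.0/24"),
}
ADMIN_VLAN = ipaddress.ip_network("10.10.10.0/24")  # assumed ADMIN VLAN subnet
# Destination networks each pool may reach; anything not listed is dropped.
VLAN_ACCESS: dict[str, list[Net]] = {
    "svc-admins": [ADMIN_VLAN],
    "svc-users": [],
}


@dataclass(frozen=True)
class VpnUser:
    name: str
    group: str
    framed_ip: IPv4  # the address RADIUS hands back as Framed-IP-Address


def assign_addresses(members: dict[str, str]) -> list[VpnUser]:
    """Give each user the next unused host in their group's pool.
    Sorted by name so a re-run does not shuffle addresses, which would
    silently change who can reach what."""
    free = {g: pool.hosts() for g, pool in GROUP_POOLS.items()}
    for it in free.values():
        next(it)  # leave the first host of each pool unused
    return [VpnUser(n, g, next(free[g])) for n, g in sorted(members.items())]


def radius_users_entries(users: list[VpnUser]) -> str:
    """Reply-item entries in FreeRADIUS 'users' file style (assumed format).
    Authentication stays with the LDAP module; only the address is fixed here."""
    return "".join(f"{u.name}\n\tFramed-IP-Address = {u.framed_ip}\n" for u in users)


def pfsense_aliases() -> dict[str, str]:
    """Alias name -> network, to be entered under Firewall > Aliases (names assumed)."""
    return {f"vpn_{g.replace('-', '_')}": str(pool) for g, pool in GROUP_POOLS.items()}


def find_leaks(users: list[VpnUser]) -> list[VpnUser]:
    """The failure mode: a user whose address is outside their own group's pool.
    If it lands in another group's pool, the alias rules grant that group's access."""
    return [u for u in users if u.framed_ip not in GROUP_POOLS[u.group]]


def vpn_allowed(src: str, dst: str) -> bool:
    """Evaluate the alias-based rules: locate the pool the source sits in,
    then allow only the destinations listed for that pool."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for group, pool in GROUP_POOLS.items():
        if s in pool:
            return any(d in net for net in VLAN_ACCESS[group])
    return False  # an address outside every pool matches no pass rule


if __name__ == "__main__":
    # Constructed membership as it would be read from the LDAP groups.
    members = {"alice": "svc-admins", "bob": "svc-users", "carol": "svc-users"}
    users = assign_addresses(members)
    print(radius_users_entries(users))
    print(pfsense_aliases())
    # A hand-edited entry that drops a plain user into the admin pool:
    bad = users + [VpnUser("mallory", "svc-users", IPv4("10.99.1.50"))]
    for u in find_leaks(bad):
        print(f"LEAK: {u.name} ({u.group}) holds {u.framed_ip}, not in {GROUP_POOLS[u.group]}")
    print(vpn_allowed(str(users[0].framed_ip), "10.10.10.5"))  # alice -> ADMIN VLAN
    print(vpn_allowed(str(users[1].framed_ip), "10.10.10.5"))  # bob -> ADMIN VLAN
```

The same pool-plus-alias logic serves the OpenVPN variant in the reply: instead of a RADIUS Framed-IP-Address, the fixed address comes from a per-client override, and the firewall rules on the OpenVPN interface reference the same aliases. Whichever VPN is used, the access decision rests entirely on the address assignment, so the leak check is worth running whenever the user list changes.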