LDAP Rightset

  • Hello everyone!

    Is there a possibility for:

    Allowing different LDAP groups to access different VLANs on my pfSense via IPsec IKEv1?

    For example:

    LDAP group svc-admins can access the ADMIN VLAN, while any other group cannot?  😮

  • Rebel Alliance Developer Netgate

    Not with IPsec or LDAP. There isn’t any way for the firewall to determine which user to associate with a given set of rules.

    If you used RADIUS with IPsec, you could allocate each user a static IP address and then use rules/aliases to accomplish the task.

    If you used OpenVPN, you could have each set of users connect to a distinct VPN port with different sets of CA/Cert structures depending on the access level – or you could have everyone connect to the same one but allocate static addresses and filter that way.
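    The following is an added illustration of the RADIUS approach described in the answer above (a fixed address per VPN user, then aliases and rules keyed on that address); it is not code from the thread, from pfSense or from FreeRADIUS. The user names, the `Framed-IP-Address` values, the VLAN networks and the group-to-VLAN policy are all constructed, and the pf-style text it renders is meant to show the shape of the rules, not to be loaded as a pfSense configuration. It also adds the check a practitioner would want before trusting such a scheme: every static address must be unique and inside the mobile client pool, since two users sharing one address would be indistinguishable to the firewall.

```python
import ipaddress

# Constructed RADIUS-style reply attributes: each VPN user gets a fixed
# Framed-IP-Address so the firewall can tell users apart by source address.
RADIUS_USERS = {
    "alice": {"group": "svc-admins", "Framed-IP-Address": "10.99.0.10"},
    "bob":   {"group": "svc-admins", "Framed-IP-Address": "10.99.0.11"},
    "carol": {"group": "staff",      "Framed-IP-Address": "10.99.0.50"},
}

# Constructed mobile client pool, VLAN networks, and which groups may reach which VLAN.
MOBILE_POOL = ipaddress.ip_network("10.99.0.0/24")
VLANS = {
    "ADMIN": ipaddress.ip_network("10.10.10.0/24"),
    "USERS": ipaddress.ip_network("10.10.20.0/24"),
}
POLICY = {
    "ADMIN": {"svc-admins"},
    "USERS": {"svc-admins", "staff"},
}


def validate_users(users, pool):
    """Reject a user set where two users share an address or an address lies
    outside the pool; returns address -> user on success."""
    seen = {}
    for name, attrs in users.items():
        addr = ipaddress.ip_address(attrs["Framed-IP-Address"])
        if addr not in pool:
            raise ValueError(f"{name}: {addr} is outside the mobile pool {pool}")
        if addr in seen:
            raise ValueError(f"{name} and {seen[addr]} both have {addr}")
        seen[addr] = name
    return seen


def group_aliases(users):
    """Group name -> sorted member addresses; one alias (pf table) per group."""
    aliases = {}
    for attrs in users.values():
        aliases.setdefault(attrs["group"], []).append(attrs["Framed-IP-Address"])
    return {g: sorted(a, key=ipaddress.ip_address) for g, a in aliases.items()}


def render_rules(users, vlans, policy, pool):
    """Emit pf-style lines: a table per group, pass rules only for permitted
    group/VLAN pairs, then a block for everything else from the pool."""
    lines = []
    for group, addrs in group_aliases(users).items():
        lines.append(f"table <{group.replace('-', '_')}> {{ {', '.join(addrs)} }}")
    for vlan, groups in policy.items():
        for group in sorted(groups):
            lines.append(
                f"pass in quick on enc0 from <{group.replace('-', '_')}> to {vlans[vlan]}"
            )
    lines.append(f"block in on enc0 from {pool} to any")
    return lines


def is_allowed(src_ip, dst_ip, users, vlans, policy):
    """The decision the rendered rules encode: find the group that owns the
    source address, find the VLAN holding the destination, consult the policy.
    Unknown sources and destinations outside every VLAN are denied."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    owner = {
        ipaddress.ip_address(a["Framed-IP-Address"]): a["group"] for a in users.values()
    }
    group = owner.get(src)
    if group is None:
        return False
    for vlan, net in vlans.items():
        if dst in net:
            return group in policy.get(vlan, set())
    return False


if __name__ == "__main__":
    validate_users(RADIUS_USERS, MOBILE_POOL)
    for line in render_rules(RADIUS_USERS, VLANS, POLICY, MOBILE_POOL):
        print(line)
    print(is_allowed("10.99.0.50", "10.10.10.5", RADIUS_USERS, VLANS, POLICY))
```

    The scheme only holds if the address really is fixed per user: the policy is enforced on the address, so the address assignment is the identity mapping and deserves the same care as the group membership itself.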


