LDAP Rightset
-
Hello everyone!
Is there a possibility for:
Allowing different LDAP groups to access different VLANs on my pfSense via IPsec IKEv1?
For example:
LDAP group svc-admins can access the ADMIN VLAN, while any other group cannot? :o
-
Not with IPsec or LDAP. There isn't any way for the firewall to determine which user to associate with a given set of rules.
If you used RADIUS with IPsec, you could allocate each user a static IP address and then use rules/aliases to accomplish the task.
If you used OpenVPN, you could have each set of users connect to a distinct VPN port with different sets of CA/Cert structures depending on the access level – or you could have everyone connect to the same one but allocate static addresses and filter that way.
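As an added illustration of the RADIUS approach described in the answer above (not part of the original thread): a constructed FreeRADIUS `users` file that hands each user a fixed tunnel address from a per-group range via the standard `Framed-IP-Address` reply attribute, so that pfSense firewall rules keyed on an alias for that range can tell the groups apart. The user names, address ranges and passwords are placeholders, and it assumes pfSense's mobile IPsec is configured to authenticate against this RADIUS server and to accept the RADIUS-supplied address.

```text
# Constructed example FreeRADIUS "users" file (not from the thread).
# Members of svc-admins get addresses in 10.99.10.0/24; everyone else
# gets addresses in 10.99.20.0/24. Check items use ":=" / "==", reply
# items follow on indented lines, separated by commas.

# --- svc-admins: allowed to reach the ADMIN VLAN ---
alice   Cleartext-Password := "REPLACE-ME"
        Framed-IP-Address = 10.99.10.11

bob     Cleartext-Password := "REPLACE-ME"
        Framed-IP-Address = 10.99.10.12

# --- everyone else: no ADMIN VLAN access ---
carol   Cleartext-Password := "REPLACE-ME"
        Framed-IP-Address = 10.99.20.11

# On pfSense (Firewall > Aliases), define an alias such as
#   VPN_ADMINS = 10.99.10.0/24
# and on the IPsec rules tab add a pass rule
#   source VPN_ADMINS -> destination ADMIN VLAN net
# with no matching pass rule for the 10.99.20.0/24 range. Because the
# address is assigned by RADIUS per user rather than chosen by the
# client, the user's group is what decides which rule matches.
```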
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.