Netgate Discussion Forum

How do I disable two IPSec clients from connecting with the same credentials?

  • rsraney
    last edited by Dec 15, 2017, 7:29 PM Dec 7, 2017, 8:26 PM

    First off, my experience with pfSense is weak at best. I manage a few external strongSwan VPN gateways for a QA team and am looking into pfSense to help diminish my overhead between configurations and deployment of testing services. Any help or suggestions would be great.

    Here is a summary of the issues I am seeing. I will attempt to use Strongswan's nomenclature.

    IPSec VPN Gateway Server:  Moon
    Android Device-1: Client-1 (User Tom credentials)
    Android Device-2: Client-2 (User Tom credentials)
    IP Pool for VPN 192.168.102.0/24
    Internal network 10.0.10.0/24

    All tests have been performed using a WiFi AP (with NAT) and via cellular carriers.

    Steps to reproduce the issue:
    1) Client-1 connects to Moon, receives the IP 192.168.102.1, and can access all network resources successfully.
    2) If Client-2 is authenticated to Moon using the same credentials as Client-1, it is assigned IP 192.168.65.2 and can access all network resources successfully.

    After the second connection, Client-1 is still connected to the VPN but suddenly is not able to access network resources, while Client-2 can access all network resources, internal and external, successfully.

    What my team and I expect is that Client-1 and Client-2 can never be connected at the same time if they use the same authentication. The last successfully authenticated client will force a disconnect of any existing connections using the same credentials.

    I have a working version of this in Ubuntu using strongSwan VPN, and I use 'uniqueids=yes' to perform this. I've set 'uniqueids' to 'yes' in the advanced menu, but I still see the same problem.
