How do I disable two IPSec clients from connecting with the same credentials?

  • First off, my experience with pfSense is weak at best. I manage a few external Strongswan VPN gateways for a QA team and looking into pfSense to help diminish my overhead between configurations and deployment of testing services.  Any help or suggestions would be great.

    Here is a summary of the issues I am seeing. I will attempt to use Strongswan's nomenclature.

    IPSec VPN Gateway Server:  Moon
    Android Device-1: Client-1 (User Tom credentials)
    Android Device-2: Client-2 (User Tom credentials)
    IP Pool for VPN
    Internal network

    All tests have been performed using WiFi AP (with NAT)  and via cellular carriers.

    Steps to reproduce the issue:
    1)    When Client-1 is connected to Moon and receives the IP and can access all network resources successfully
    2)  If Client-2 is authenticated using same credentials as Client-1 to Moon, it will be assigned  IP and can access all network resources successfully.

    After second connection, Client-1 is still connected to the VPN but suddenly will not able to network resources, but Client-2  can access all network resources internal and external successfully.

    What my team and myself expect Client-1 and Client-2 can never be connected at the same time if they use the same authentication.  The last successful authentication client will force a disconnect any existing connections using the same credentials.

    I have a working version of this in Ubuntu using Strongswan VPN, and I use 'uniqueids=yes' to perform this.  I've enabled the 'uniqueids' to 'yes' in the advanced menu, but I still see the same problem.

Log in to reply