Virtual Address Pool in Pre-Shared Keys is not used for ipsec



  • Hello. I was configured VPN according THIS, and i managed to connect.
    But when i specified additional IP pool for specific preshared key, it not work. Client still received IP from default pool.
    I need to find was to provide specific IP addresses to different VPN clients, and i dont want to use radius. Reading forums it say that this feature should work, but not really. Version of my pfsense is 2.4.4-Release-p3 . Can somebody help?



  • +1 on this



  • I have the same thing in windows 10. If I use a strongswan client in my cell phone it works, Right now I am trying a mac to see if i got the same result. I have tested with windows 10 1809 1903 and 1909 with the same bad result.



  • @nohimx I have the same problem. I use macOS Catalina 10.15.1 as VPN client. The ip-adress I get is from the global pool even though I configured one on the pre-shared key for the user.



  • I just solved it on Mac. On the client, in the VPN configuration, for "Local ID" I entered the same email address that I used in the pfsense pre shared key as identifier. Now I get an IP-adress from the pool that I assigned to the pre shared key.



  • I am currently also having this issue on windows server 2016. The vpn connection will not connect if you turn off Virtual Address Pool under Mobile Clients and set one for a user under Pre-Shared Keys it will not connect. When you do enable the Virtual Address Pool under Mobile Clients then the vpn will connect but will ignore the virtual address put under the connecting Pre-Shared Key user.



  • @mlevy823 Windows Rasman use ip address instead of IKE local ID. There is no ´solution today for this problem. I use Strongswan client as a work around.


Log in to reply