Restrictions on IPSEC clients
-
I am very new to pfSense and not a networking engineer, but I'm trying to figure out how to place time restrictions on IPSEC clients. Please note I am not using pfSense as my router/firewall. I have a different hardware router/firewall. Instead, I set up pfSense in a VM, managed to get an IPSEC VPN server running, and connected an iPhone. I'm trying to route all iPhone internet traffic through the pfSense IPSEC VPN, and then turn that internet connection off at certain times of day. The iPhone will have always-on VPN, configured using Apple's management software. The pfSense VM that I set up currently only has a WAN port; basically it's a client on my local network and is using that WAN port to access the internet. I've got port forwarding set up to deliver the IPSEC traffic to the VM. Thanks for any help. I can't seem to find an online guide for this.
FYI, the reason I'm using IPSEC (and a pfSense VM) is that the iPhone must use that for always-on VPN. My actual router/firewall only has OpenVPN and WireGuard, no IPSEC.
-
@cliffstevens Since you have IPSec I would think you should be able to set up rules with a schedule, to allow traffic at certain times.
https://docs.netgate.com/pfsense/en/latest/vpn/firewall-rules.html#ipsec
https://docs.netgate.com/pfsense/en/latest/firewall/time-based-rules.html
-
@steveits said in Restrictions on IPSEC clients:
https://docs.netgate.com/pfsense/en/latest/firewall/time-based-rules.html
Thanks, I did try to create some scheduled firewall rules, but they don't seem to have any effect once an IPSEC connection is established. When blocking traffic, they stop the VPN connection from happening. But if the connection is already established, then the iPhone is still able to browse the internet through the VPN.
I think this needs to be set up a specific way with firewall rules, but I don't know how to do that. It could also be that having pfSense in a VM makes a difference to how this is done.
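A constructed model of the behaviour described in this thread, added here as an illustration rather than code from the forum or from pfSense: in a stateful firewall the ruleset is consulted only when a flow's first packet arrives and creates a state, and later packets match the state, so a scheduled block rule that becomes active after the tunnel's flows were established does not interrupt them unless those states are cleared. The hours, flow tuples and names below are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Simplified stateful-firewall model (constructed for this example; not pf).

@dataclass
class Rule:
    action: str                          # "pass" or "block"
    active_hours: Optional[set] = None   # None means always active

    def is_active(self, hour: int) -> bool:
        return self.active_hours is None or hour in self.active_hours


@dataclass
class Firewall:
    rules: list                          # first match wins, top to bottom
    states: set = field(default_factory=set)

    def handle(self, flow: tuple, hour: int) -> str:
        # Packets belonging to an existing state never reach the ruleset.
        if flow in self.states:
            return "pass (existing state)"
        for rule in self.rules:
            if rule.is_active(hour):
                if rule.action == "pass":
                    self.states.add(flow)    # state created by the pass rule
                return rule.action
        return "block"                       # default deny

    def clear_states(self) -> None:
        # What a schedule boundary must do for a block rule to bite.
        self.states.clear()


BLOCK_HOURS = {22, 23, 0, 1, 2, 3, 4, 5}   # assumed "internet off" window


def scenario(flush_states_at_schedule_start: bool) -> dict:
    fw = Firewall(rules=[Rule("block", BLOCK_HOURS), Rule("pass")])
    flow = ("iphone-ipsec-client", "203.0.113.10", 443)   # constructed flow
    out = {"before": fw.handle(flow, 21)}                 # 21:00, block inactive
    if flush_states_at_schedule_start:
        fw.clear_states()                                 # at 22:00
    out["during"] = fw.handle(flow, 23)                   # same flow at 23:00
    out["new_during"] = fw.handle(("iphone-ipsec-client", "198.51.100.7", 443), 23)
    return out
```

Running `scenario(False)` reproduces the symptom: the flow established at 21:00 still passes at 23:00 while a brand-new flow is blocked; `scenario(True)` shows that clearing states when the block window starts is what actually cuts the established session.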