24.03 IPsec Mobile Group Pools do not assign IP
-
Hello,
I need to set multiple pools for Mobile IPsec EAP-RADIUS but it is not working.
Active Directory groupname: it
Local group 'it' exists on pfSense with no members.
Mobile Group Pool:
Authentication Groups: it
Virtual Address Pool: set to /24 prefix
Logs:
pfSense receives from NPS Class: received group membership 'it' from RADIUS
peer requested virtual IP %any
no virtual IP found for %any requested by '***'
Do you have any idea?
Thanks! -
@mgavrila You do not need/should not have a pfSense group that has the same name as the IP pool identifier/class attribute you return from RADIUS. You just need to make sure group authentication is activated, but no groups are needed. Then make absolutely sure you created the IP Pool name identical to the class attribute you return.
It’s a little tricky to test at times because the IPsec engine in pfSense - for a while - keeps assigning the IP address a client formerly had if it was online before being assigned to a new group (gets a different class returned).
I have yet to figure out what exactly causes that and what constitutes a bulletproof immediate workaround apart from restarting IPsec. -
@keyser Thanks a lot for the clarification. Everything is now working as expected.
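A small troubleshooting aid for the pool-name check recommended in the reply above, added here as an example and not part of any post in this thread: it pairs each "no virtual IP found" log line with the most recent RADIUS group line and compares that Class value with the configured pool names. The pool names, user names and log excerpt are constructed, and pairing by "most recent line" assumes one client connecting at a time.

```python
import re

# Constructed log excerpt, modelled on the three messages quoted in the thread.
SAMPLE_LOG = """\
received group membership 'it' from RADIUS
peer requested virtual IP %any
no virtual IP found for %any requested by 'alice'
received group membership 'Sales' from RADIUS
peer requested virtual IP %any
no virtual IP found for %any requested by 'bob'
received group membership 'ops' from RADIUS
peer requested virtual IP %any
"""

GROUP_RE = re.compile(r"received group membership '([^']*)' from RADIUS")
NO_IP_RE = re.compile(r"no virtual IP found for \S+ requested by '([^']*)'")


def diagnose(log_text, pool_names):
    """Return (user, class_value, reason) for every failed virtual IP request."""
    findings = []
    last_group = None  # Class value seen most recently (assumes one client at a time)
    for line in log_text.splitlines():
        m = GROUP_RE.search(line)
        if m:
            last_group = m.group(1)
            continue
        m = NO_IP_RE.search(line)
        if not m:
            continue
        if last_group is None:
            reason = "no group membership was received before the failure"
        elif last_group in pool_names:
            reason = ("pool name matches the Class value; check that group "
                      "authentication is enabled and that no stale lease is reused")
        else:
            # A pool that differs only by case or surrounding spaces is not identical.
            key = last_group.strip().lower()
            near = [p for p in pool_names if p.strip().lower() == key]
            reason = (f"pool {near[0]!r} differs from the Class value only in case "
                      "or whitespace" if near else "no pool is named after this Class value")
        findings.append((m.group(1), last_group, reason))
        last_group = None
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, ["it", "sales"]):  # hypothetical pool names
        print(finding)
```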