• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

24.03 Ipsec Mobile Group Pools do not assign ip

IPsec
2
3
209
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    mgavrila
    last edited by Oct 13, 2024, 12:57 PM

    Hello,
    I need to set multiple pools for Mobile IPSEC EAP-RADIUS but is not working.
    Active Directory groupname: it
    Local group it exist on pfSense with no members.
    Mobile Group Pool:
    Authentication Groups: it
    Virtual Address Pool: set to /24 prefix

    Logs:
    pfSense receive from NPS Class: received group membership 'it' from RADIUS
    peer requested virtual IP %any
    no virtual IP found for %any requested by '***'

    Do you have any idea?
    Thanks!

    K 1 Reply Last reply Oct 13, 2024, 8:45 PM Reply Quote 0
    • K
      keyser Rebel Alliance @mgavrila
      last edited by keyser Oct 13, 2024, 8:46 PM Oct 13, 2024, 8:45 PM

      @mgavrila You do not need/should not have a pfSense group that has the same name as the IP pool identifier/class attribute you return from radius. You just need to make sure group authentication is activated, but no groups are needed. Then make absolutely sure you created the IP Pool name identical to the class attribute you return.

      It’s a little tricky to test at times because the IPsec engine i pfSense - for a while - keeps assigning the IP address a client formerly had if it was online before being assigned to a new group (get a different class returned).
      I have yet to figure out what exactly causes that and what constitutes a bullitproff immidiate workaround apart from restarting IPsec.

      Love the no fuss of using the official appliances :-)

      M 1 Reply Last reply Oct 14, 2024, 6:57 PM Reply Quote 0
      • M
        mgavrila @keyser
        last edited by Oct 14, 2024, 6:57 PM

        @keyser Thanks a lot for the clarification. Everything is now working as expected. 🤗

        1 Reply Last reply Reply Quote 1
        2 out of 3
        • First post
          2/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.