Control network based on IPSEC user?



  • How can I control network access based on the IPSEC user that is logged in?

    USERA should have access to 192.168.1.0/24

    USERB should have access to 192.168.2.0/24

    I know I can give them each a certain IPSEC IP Address, and then set firewall rules based on that IP Address, but what prevents them from changing their IP Address in the IPSEC client settings?

    Is there any way to do such network access control through IPSEC?

    Please tell me if there is a better way to solve this problem?

    Thank you.


  • Rebel Alliance Developer Netgate

    There isn't a way to enforce the IP assignment with the IPsec client in that way, unfortunately.

    You can set per-user IPs given from the server side with OpenVPN, and also with PPTP. Those can't be changed by the user.


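The server-side per-user addressing mentioned in the reply, sketched as an added example that is not part of the original thread: an OpenVPN server excerpt, one per-client file for each user, and pf-style filter rules keyed on the fixed addresses. The tunnel subnet 10.8.0.0/24, the individual addresses, the /etc/openvpn/ccd path and the tun0 interface name are assumptions; each per-client file must be named after that user's certificate common name.

```conf
# --- /etc/openvpn/server.conf (excerpt, constructed example) ---
# Tunnel network the server hands out addresses from (assumed range).
server 10.8.0.0 255.255.255.0
topology subnet

# Per-client settings are read from files in this directory.
# The file name is the client's certificate common name.
client-config-dir /etc/openvpn/ccd

# Refuse any authenticated client that has no file in the directory,
# so nobody falls back to a dynamic pool address.
ccd-exclusive

# --- /etc/openvpn/ccd/USERA ---
# Address is chosen by the server, not by the client configuration.
ifconfig-push 10.8.0.10 255.255.255.0

# --- /etc/openvpn/ccd/USERB ---
ifconfig-push 10.8.0.11 255.255.255.0

# --- pf rules on the VPN interface (pf.conf syntax) ---
vpn_if = "tun0"

# USERA may reach only 192.168.1.0/24
pass in quick on $vpn_if inet from 10.8.0.10 to 192.168.1.0/24

# USERB may reach only 192.168.2.0/24
pass in quick on $vpn_if inet from 10.8.0.11 to 192.168.2.0/24

# Everything else arriving from VPN clients is dropped.
block in on $vpn_if all
```

On a GUI-managed firewall the same three pieces correspond to the OpenVPN server settings, a per-user override entry, and rules on the OpenVPN interface.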