Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ipsec vpn, users get predetermined ip address.

    Scheduled Pinned Locked Moved IPsec
    5 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      protorianbz
      last edited by

      hi.
      I am new to pfsense.
      I got the Ipsec to work using shrew client.
      The problem i am facing is that i have Pfsense issuing out the ip address that the road warriors get.
      From a subnet.
      I want to be able to say that user 1 get 10.50.1.1
      user 2 get 10.50.1.2
      user 3 get 10.50.1.3 and etc
      that way i can use the firewall and write rules per user.
      I want to be able to give different users access to different resources on the internal network.
      Is that possible to do..
      ….

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That is not possible to do with IPsec.

        Not sure if the underlying software has a mechanism for that or not, even if it does, we don't have a way to do it in our GUI.

        If the clients are using Windows (Or Mac, or Linux) you may as well use OpenVPN. You can set static IPs there with client-specific config/overrides.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • P
          protorianbz
          last edited by

          Ok.
          I know doing Ipsec VPN on Cisco Asa.
          you are able to do it.
          You create a vpn per user and just specify the ip address they get..
          Ty for the fast reply..

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Yes, but even if ASA can do it, that doesn't mean that ipsec-tools/racoon can do it - it's not about it being possible in IPsec, it's about it being possible in the software we use to do IPsec.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • P
              protorianbz
              last edited by

              i understand..
              PFSENSE is still super..
              i am loving it…
              thankx..

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.