Ipsec vpn, users get predetermined ip address.



  • hi.
    I am new to pfsense.
    I got the Ipsec to work using shrew client.
    The problem i am facing is that i have Pfsense issuing out the ip address that the road warriors get.
    From a subnet.
    I want to be able to say that user 1 get 10.50.1.1
    user 2 get 10.50.1.2
    user 3 get 10.50.1.3 and etc
    that way i can use the firewall and write rules per user.
    I want to be able to give different users access to different resources on the internal network.
    Is that possible to do..
    ….


  • Rebel Alliance Developer Netgate

    That is not possible to do with IPsec.

    Not sure if the underlying software has a mechanism for that or not, even if it does, we don't have a way to do it in our GUI.

    If the clients are using Windows (Or Mac, or Linux) you may as well use OpenVPN. You can set static IPs there with client-specific config/overrides.



  • Ok.
    I know doing Ipsec VPN on Cisco Asa.
    you are able to do it.
    You create a vpn per user and just specify the ip address they get..
    Ty for the fast reply..


  • Rebel Alliance Developer Netgate

    Yes, but even if ASA can do it, that doesn't mean that ipsec-tools/racoon can do it - it's not about it being possible in IPsec, it's about it being possible in the software we use to do IPsec.



  • i understand..
    PFSENSE is still super..
    i am loving it…
    thankx..


Locked