Netgate Discussion Forum
    Mobile Clients different rights

      dieghe

      Hi,

      I am running pfSense 2.0.1-RELEASE and I set up the mobile VPN with Shrew Soft. The VPN works great, but I have a problem assigning different firewall rules to different users connecting through the client. Since mobile clients receive an IP address from pfSense regardless of their authentication and PSK, and I can't reserve an address for a certain client, what is the solution? How can I manage different rights for different clients connecting through the same tunnel?

      Thanks in advance

        jimp Rebel Alliance Developer Netgate

        Unfortunately that can't be done with IPsec.

        You can assign static IPs with OpenVPN though, that would be a much more flexible solution.

          dieghe

          I see… is there any quick and good guide about that?

          I also tried to make the Shrew client connect to a NOT-Mobile_clients tunnel to solve my problem, but I can't succeed. Is this possible in any way? I tried many configurations, and I can actually connect, but I always get this:

          racoon: ERROR: failed to get sainfo.
          racoon: ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).

          So the problem should be about the local and remote networks. I set up a fixed address in the Shrew client and put the same as the remote network and the pfSense LAN subnet as the local network. I'd like to know if I'm just wasting my time and should try OpenVPN or if I could solve it.

          Thanks!
