Mobile Clients different rights

  • Hi,

    I am running pfSense 2.0.1-RELEASE and I set up the mobile VPN with Shrew Soft. The VPN works great, but I do have the problem to assign different firewall rules to different users connecting through the client. Since mobile clients receive an IP address from pfSense regardless their authentication and PSK, and I can't reserve an address to a certain client, which is the solution? How can I manage different rights for different clients connecting with the same tunnel?

    Thanks in advance

  • Rebel Alliance Developer Netgate

    Unfortunately that can't be done with IPsec.

    You can assign static IPs with OpenVPN though, that would be a much more flexible solution.

  • I see… is there any quick and good guide about that?

    I tried also to make shrew client connect to a NOT-Mobile_clients tunnel to solve my problem, but I can't succeed. Is this possible in any way? I tried many configurations, and I can actually connect, but I always get this:

    racoon: ERROR: failed to get sainfo.
    racoon: ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).

    So the problem should be about local and remote network. I set up a fixed address in shrew client and put the same as remote network and the pfsense lan subnet as local network. I'd like to know if I'm just wasting my time and should try openvpn or if I could solve it.


Log in to reply