Ipsec mobile client per ip/user firewall rules

IPsec
Log in to reply
  • I

    Hi all

    i'm on pfsense 2.0.2 and i got ipsec successfully running.
    Now i would like to implement firewall rules depending on the user that connects through ipsec, so that each user is only granted access to what he really needs (least privilege).  Since mobile users user the "normal" system user accounts for phase 2 authentication, i had a look at the user manager but there's no option to configure kind of access/firewall rules on a per user or per group base. So i thought, if i can't build rules based on users, i could do it based on ip adresses as far as i can make sure that a certain user gets the related ip address upon connection. This again could be done using dhcp (mac address -> ip address, so it basically isn't user based but rahter device based but that would be okay as a wordaround for me) - but if found no way to configure dhcp on the ip sec "interface".

    So now i'm stuck - maybe someone out there has an idea who i could achieve my goal?

    Thanks a lot for your help,
    inorx

    0
  • I

    In the meantime i found this posting:

    http://forum.pfsense.org/index.php/topic,55648.0.html

    I guess that's stil valid?

    0
  • jimp
    Rebel Alliance Developer Netgate

    Yes, the response to the other post is still valid.

    You can't predict/assign IPs to specific IPsec users.

    If you need that, OpenVPN would be a better choice.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy