Netgate Discussion Forum

    Ipsec mobile client per ip/user firewall rules

    • inorx

      Hi all

      I'm on pfSense 2.0.2 and I got IPsec successfully running.
      Now I would like to implement firewall rules depending on the user that connects through IPsec, so that each user is only granted access to what he really needs (least privilege). Since mobile users use the "normal" system user accounts for phase 2 authentication, I had a look at the user manager, but there's no option to configure any kind of access/firewall rules on a per-user or per-group basis. So I thought, if I can't build rules based on users, I could do it based on IP addresses, as long as I can make sure that a certain user gets the related IP address upon connection. This again could be done using DHCP (MAC address -> IP address, so it basically isn't user based but rather device based, but that would be okay as a workaround for me) - but I found no way to configure DHCP on the IPsec "interface".

      So now I'm stuck - maybe someone out there has an idea how I could achieve my goal?

      Thanks a lot for your help,
      inorx

      • inorx

        In the meantime I found this posting:

        http://forum.pfsense.org/index.php/topic,55648.0.html

        I guess that's still valid?

        • jimp Rebel Alliance Developer Netgate

          Yes, the response to the other post is still valid.

          You can't predict/assign IPs to specific IPsec users.

          If you need that, OpenVPN would be a better choice.
