    Ipsec mobile client per ip/user firewall rules

    IPsec
    inorx

      Hi all

      I'm on pfSense 2.0.2 and I have IPsec running successfully.
      Now I would like to implement firewall rules depending on the user that connects through IPsec, so that each user is only granted access to what he really needs (least privilege). Since mobile users use the "normal" system user accounts for phase 2 authentication, I had a look at the user manager, but there's no option to configure any kind of access/firewall rules on a per-user or per-group basis. So I thought, if I can't build rules based on users, I could do it based on IP addresses, as far as I can make sure that a certain user gets the related IP address upon connection. This again could be done using DHCP (MAC address -> IP address, so it basically isn't user-based but rather device-based, but that would be okay as a workaround for me), but I found no way to configure DHCP on the IPsec "interface".

      So now I'm stuck. Maybe someone out there has an idea how I could achieve my goal?

      Thanks a lot for your help,
      inorx

      inorx

        In the meantime I found this posting:

        http://forum.pfsense.org/index.php/topic,55648.0.html

        I guess that's still valid?

        jimp (Rebel Alliance Developer, Netgate)

          Yes, the response to the other post is still valid.

          You can't predict/assign IPs to specific IPsec users.

          If you need that, OpenVPN would be a better choice.
