Road warriors with specific IP and rules

  • Hi,

    With OpenVPN I can assign a specific IP to a road warrior (on linux, client specific config or ccd).

    Is there any way to do something similar with IPSec? I would like client X to always get ip 10.9.9.X and client Y to always get ip 10.9.9.Y..

    That way I could make specific rules for specific clients (allowing/disallowing certain services) and not have 1 "big" rule set that applies to all Road Warriors.

    I doubt it's possible but I (certainly) might have looked over it..  8)

    Thanks in advance,


  • Rebel Alliance Developer Netgate

    Unfortunately, static client IPs are not possible with IPsec.

    Works fine with OpenVPN though (Client-Specific Overrides tab)

  • I just saw this old post and I was trying to figure out the same thing.

    I wonder if there are any other ways of assigning specific rules to specific groups of users (all client2site "road warriors") when using IPSec? Or do I have to use OpenVPN to achieve this?
    Is there no possible workaround?

  • Rebel Alliance Developer Netgate

    There are not currently any methods of making "multiple" groups of IPsec users, nor any way of assigning them IPs from separate pools from the server.

    So you would need OpenVPN for that sort of scenario.