IPsec in pfSense 2.1: different IPsec tunnels based on user



  • Hello,

    Is it possible to have multiple phase 1 settings for mobile IPsec differentiated by user login, authentication source, or group membership? 
    For example:

    • I may want to use different phase 1 settings for administrators

    • I may want to use different IP subnets for different user groups

    and/or
    I would like to be able to have different phase 2 entries apply based on the same type of thing.

    I expect some of this is based on the limits of racoon underneath pfSense, but I am not certain what those limits really are.

    Thanks for thinking about this!

    –jason


  • Rebel Alliance Developer Netgate

    In the current implementation, no.

    If you want multiple separate security levels for mobile users, you'll need OpenVPN.