REQUEST: Support multiple IPSec mobile client profiles
-
Hi,
Could you please extend the "Mobile clients" section of the IPSec VPN configuration to support having multiple profiles, in the same manner that we can have multiple tunnel profiles?
Specifically, I need to treat a set of mobile clients on dynamic IP networks differently (i.e. different virtual address pools, different phase 1 and phase 2 parameters, etc.). This is important especially where certain mobile clients need to be on a separate network and routed accordingly.
Currently, there is no way to handle this. I either have to treat them all the same (and accept the security risk) or setup a separate gateway – which is not good, because I lose an addition IP and also have duplicate a lot of configuration and administration.
If this can be supported it would simplify things immensely.
Thanks
-
I believe StrongSWAN can do that, but it would take some significant GUI work.
Not likely for 2.2, maybe later. We're not adding any more features to 2.2, we're focusing on stabilizing and fixing regressions. You can open a feature request in redmine.pfsense.org, set the target to 'future'.
Use OpenVPN and you can have as many different profiles as you like for mobile clients.
-
I believe StrongSWAN can do that, but it would take some significant GUI work.
Not likely for 2.2, maybe later. We're not adding any more features to 2.2, we're focusing on stabilizing and fixing regressions. You can open a feature request in redmine.pfsense.org, set the target to 'future'.
Use OpenVPN and you can have as many different profiles as you like for mobile clients.
OpenVPN is a pain. I'll open a feature request when I get a chance.
Thanks
-
For most, OpenVPN is much less of a pain than IPsec when it comes to mobile access. It's a lot more flexible and more likely to work from remote locations.
