Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    REQUEST: Support multiple IPSec mobile client profiles

    Scheduled Pinned Locked Moved 2.2 Snapshot Feedback and Problems - RETIRED
    4 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q
      qiv
      last edited by

      Hi,

      Could you please extend the "Mobile clients" section of the IPSec VPN configuration to support having multiple profiles, in the same manner that we can have multiple tunnel profiles?

      Specifically, I need to treat a set of mobile clients on dynamic IP networks differently (i.e. different virtual address pools, different phase 1 and phase 2 parameters, etc.).  This is important especially where certain mobile clients need to be on a separate network and routed accordingly.

      Currently, there is no way to handle this.  I either have to treat them all the same (and accept the security risk) or setup a separate gateway – which is not good, because I lose an addition IP and also have duplicate a lot of configuration and administration.

      If this can be supported it would simplify things immensely.

      Thanks

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        I believe StrongSWAN can do that, but it would take some significant GUI work.

        Not likely for 2.2, maybe later. We're not adding any more features to 2.2, we're focusing on stabilizing and fixing regressions. You can open a feature request in redmine.pfsense.org, set the target to 'future'.

        Use OpenVPN and you can have as many different profiles as you like for mobile clients.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • Q
          qiv
          last edited by

          @jimp:

          I believe StrongSWAN can do that, but it would take some significant GUI work.

          Not likely for 2.2, maybe later. We're not adding any more features to 2.2, we're focusing on stabilizing and fixing regressions. You can open a feature request in redmine.pfsense.org, set the target to 'future'.

          Use OpenVPN and you can have as many different profiles as you like for mobile clients.

          OpenVPN is a pain.  I'll open a feature request when I get a chance.

          Thanks

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            For most, OpenVPN is much less of a pain than IPsec when it comes to mobile access. It's a lot more flexible and more likely to work from remote locations.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.