Multiple road warrior tunnels with different backend authentication servers
-
Hi guys!
I have a problem replacing our old firewall with pfsense: We have two seperate radius authentication servers with different users in it. The authentication for a single roadwarrior phase1 with PSK and XAUTH works fine using the mobile clients tabs. Is there a way to add another phase1 IKE with a different backend authentication server? The mobile clients tab seems unique.Thanks!
Akku
-
Not at this time, only a single IPsec mobile setup is possible.
OpenVPN can have as many distinct/separate configurations as you like, however.
-
Not at this time, only a single IPsec mobile setup is possible.
OpenVPN can have as many distinct/separate configurations as you like, however.
Is this just a gui/pfsense restriction or doesn't strongSwan support this kind of configuration?
-
I've tried a few experiments in strongSwan and could never get more than one to work, but I may just not have hit a winning combination.
The problem is having it differentiate the request early enough that it can know to use the other profile. If you want to have two nearly identical profiles except for the authentication, that probably isn't going to be possible
