Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Multiple road warrior tunnels with different backend authentication servers

    IPsec
    3
    4
    621
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      akku last edited by

      Hi guys!
      I have a problem replacing our old firewall with pfsense: We have two seperate radius authentication servers with different users in it. The authentication for a single roadwarrior phase1 with PSK and XAUTH works fine using the mobile clients tabs. Is there a way to add another phase1 IKE with a different backend authentication server? The mobile clients tab seems unique.

      Thanks!

      Akku

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Not at this time, only a single IPsec mobile setup is possible.

        OpenVPN can have as many distinct/separate configurations as you like, however.

        1 Reply Last reply Reply Quote 0
        • K
          kacper last edited by

          @jimp:

          Not at this time, only a single IPsec mobile setup is possible.

          OpenVPN can have as many distinct/separate configurations as you like, however.

          Is this just a gui/pfsense restriction or doesn't strongSwan support this kind of configuration?

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            I've tried a few experiments in strongSwan and could never get more than one to work, but I may just not have hit a winning combination.

            The problem is having it differentiate the request early enough that it can know to use the other profile. If you want to have two nearly identical profiles except for the authentication, that probably isn't going to be possible

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense Plus
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy