Netgate SG-1000 microFirewall

Author Topic: Feature question: aliases for IPSEC Phase 2 entries  (Read 293 times)

0 Members and 1 Guest are viewing this topic.

Offline whosmatt

  • Sr. Member
  • ****
  • Posts: 433
  • Karma: +27/-0
    • View Profile
Feature question: aliases for IPSEC Phase 2 entries
« on: July 01, 2017, 05:10:36 pm »
Forgive me as this has certainly been asked elsewhere.

Has there been any recent thought to the ability to use aliases in Phase 2 entries?  This would somewhat put pfSense on par with, say, the ASA, where tunnels can be defined using logical groups of objects (those being hosts or subnets). 

I see that https://redmine.pfsense.org/issues/946 addresses the same question starting 6 years ago.  Just wondering if there's any current movement on this front.  I actually talked one of my coworkers who is more on the developer side of things (though his title is sysadmin, as is mine) into writing this into PHP back in the 2.1.x days but we never took it any further than some lab testing.

Just curious :) 
home:  pfSense on ESXi 6.5. 2 v cores, 512MB RAM, 8GB disk.  Host is MSI AM1I, Athlon 5350, 16GB DDR3, 60GB SSD, 320GB HDD, HP NC360T NIC.

Offline markdegroot

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Feature question: aliases for IPSEC Phase 2 entries
« Reply #1 on: July 26, 2017, 05:11:29 am »
We are having the same issue. We want to have IPSec tunnels to three hosts instead of a complete subnet. For now we create one Phase2 rule per host. It would be great if we could just add one aliases for the three hosts.