
Author Topic: How do I disable two IPSec clients from connecting with the same credentials?  (Read 135 times)


Offline rsraney

First off, my experience with pfSense is weak at best. I manage a few external strongSwan VPN gateways for a QA team and am looking into pfSense to help diminish my overhead between configurations and deployment of testing services. Any help or suggestions would be great.

Here is a summary of the issues I am seeing. I will attempt to use strongSwan's nomenclature.

IPSec VPN Gateway Server:  Moon
Android Device-1: Client-1 (User Tom credentials)
Android Device-2: Client-2 (User Tom credentials)
IP Pool for VPN
Internal network

All tests have been performed using a WiFi AP (with NAT) and via cellular carriers.

Steps to reproduce the issue:
1) Client-1 is connected to Moon, receives the IP, and can access all network resources successfully.
2) If Client-2 is authenticated to Moon using the same credentials as Client-1, it will be assigned an IP and can access all network resources successfully.

After the second connection, Client-1 is still connected to the VPN but suddenly will not be able to access network resources, while Client-2 can access all network resources, internal and external, successfully.

What my team and I expect is that Client-1 and Client-2 can never be connected at the same time if they use the same authentication. The last successfully authenticated client will force a disconnect of any existing connections using the same credentials.

I have a working version of this in Ubuntu using strongSwan VPN, and I use 'uniqueids=yes' to perform this. I've set 'uniqueids' to 'yes' in the advanced menu, but I still see the same problem.

« Last Edit: December 15, 2017, 01:29:30 pm by rsraney »