Netgate SG-1000 microFirewall

Author Topic: Additional Details for IPSec Mobile Clients  (Read 129 times)

0 Members and 1 Guest are viewing this topic.

Offline johnwm47

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Additional Details for IPSec Mobile Clients
« on: January 31, 2018, 02:54:45 pm »
Hello,
I was wondering if there was anything I could do to get additional client details for IPsec mobile VPN clients. Currently, when I have clients connected, I can see in the Status page a Local ID, Local IP, and even a Remote ID.

My VPN settings are set to assign addresses to clients starting at 10.120.0.128, so if I'm the first or only client connected, I would receive that address. Subsequent connections would receive 10.120.0.129, and so on.

On the status page, I would expect to see a list of these clients with their local IPs, however I don't. Is there anywhere on the router where I can pull more info on the connected mobile clients? Anyway to monitor their traffic? See the user info they used to connect to the VPN with? MAC address of the device? Anything

Attaching a screenshot with what limited info I can pull at the moment.

Thanks for the help!

Offline laped

  • Jr. Member
  • **
  • Posts: 47
  • Karma: +4/-0
    • View Profile
Re: Additional Details for IPSec Mobile Clients
« Reply #1 on: January 31, 2018, 03:13:42 pm »
In the ipsec status you should see SPD and SAD where you got the remote ip for both end points and its mobile IPv4 address given. You can also see bytes sent in both directions.

On the dashboard you can also add the IPSec widget.

Offline johnwm47

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Additional Details for IPSec Mobile Clients
« Reply #2 on: February 08, 2018, 11:45:45 am »
Thanks for the reply!
I'm checking those tabs, and I only see the remote public IP, not the local IP that the client is receiving from pfsense.
The scenario is, I'm rolling this out to a company of multiple users, and I would like to be able to identify each client on the router, but it seems like that info is obfuscated from me at this point.
Appreciate your help!