> On Mar 9, 2015, at 3:07 AM, Brian Candler <b.cand...@pobox.com> wrote: > > On 09/03/2015 10:05, Chris L wrote: >>> Are you saying you want different clients' IPSEC tunnels to terminate on >>> different public IP addresses on the firewall WAN side? That I've never >>> tried, and I don't know if it's possible. >> It listens (binds) on whatever interface/VIP is specified in the Interface >> drop-down in the IPSec/OpenVPN config. > Sure: I was asking if the requirement is to have *multiple* IPSEC VIPs which > are processed differently. > > If not, then why not just terminate IPSEC on the firewall's primary IP > address?
Good question for OP. As far as I know, racoon and strongswan listen on one binding for all clients. OpenVPN is set per-instance. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
