Hello,
I have a question about authpf: is it possible for different users to
authenticate from the same IP? It's not really about people connecting
from the same host, but rather about different computers being NATed behind
a gateway wanting to authenticate to an authpf firewall.
Let's say we have the following setup, with gateA being a NATing gateway:

    hostA \
           gateA \
    hostB /       authpf-gw -- net
    hostC        /

When different users (or even the same user) connect to authpf-gw from
hostA and hostC, everything is fine, but when they try to connect from
hostA and hostB, which appear to have the same IP address (gateA's IP) for
authpf-gw, the second login kills the first connection.
I thought the user-associated rules weren't only referring to user_ip, but
also to user_id, so that two different users connecting from the same IP
could coexist, but that doesn't seem to be the case (I'm using OpenBSD
4.0, btw).
So, I was wondering if this problem is by design or if there's a way to
work around the limitation.
Thanks,
--
Kilian