you can only use a shared key with one client per server, if you want multiple clients you need to use x509 certs.
what I have done is create a dedicated pfsense vpn termination server on a DMZ off our main (pfsense) firewall cluster.
the vpn server runs multiple vpn servers/configurations, one each per user with a unique shared key, each one with a different network block of /29 (to allow me to switch to certificate-based usage should I need to).
since pfsense doesn't provide filtering rules for vpn users, it's all done by the main firewalls' DMZ ingress.
this means I can very easily control access to our core network on a per-user basis - I know their VPN address is within one /29 block.
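Added example, not part of the original post and not pfSense code: a sketch of the per-user /29 scheme described above, showing how each user gets a block and how an ingress filter can attribute a source address to a user and apply a default-deny policy. The supernet, user names and policy entries are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not from the original post).
VPN_SUPERNET = ipaddress.ip_network("10.99.0.0/24")
USERS = ["alice", "bob", "carol"]
# Hypothetical per-user destinations allowed through the DMZ ingress.
POLICY = {
    "alice": [ipaddress.ip_network("192.168.10.0/24")],
    "bob": [ipaddress.ip_network("192.168.20.5/32")],
}

def allocate_blocks(supernet, users, prefix=29):
    """Give each user the next unused /29 carved from the VPN supernet."""
    subnets = supernet.subnets(new_prefix=prefix)
    blocks = {}
    for user in users:
        try:
            blocks[user] = next(subnets)
        except StopIteration:
            raise ValueError(f"{supernet} has no free /{prefix} for {user}")
    return blocks

def user_for_address(addr, blocks):
    """Attribute a source address seen at the DMZ ingress to one user."""
    ip = ipaddress.ip_address(addr)
    for user, block in blocks.items():
        if ip in block:
            return user
    return None  # not from any per-user tunnel block

def ingress_allows(src, dst, blocks, policy):
    """Default deny: pass only if src maps to a user whose policy covers dst."""
    user = user_for_address(src, blocks)
    if user is None:
        return False
    dst_ip = ipaddress.ip_address(dst)
    return any(dst_ip in net for net in policy.get(user, []))

BLOCKS = allocate_blocks(VPN_SUPERNET, USERS)

if __name__ == "__main__":
    for user, block in BLOCKS.items():
        print(f"{user}: tunnel block {block}")
    print(ingress_allows("10.99.0.2", "192.168.10.7", BLOCKS, POLICY))
```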
