 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] M0n0wall to m0n0wall VPN ?
 Date:  Tue, 8 Feb 2005 13:46:32 -0800 (PST)

On Sun, 6 Feb 2005, Brian Watters wrote:

> Here is a follow up on my last msg ..
> This is a log snip from m0n0A
> Feb 6 18:58:04 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such policy
> already exists. anyway replace it:[0][0]
> proto=any dir=out 

Those are normal when you make a change to the IPsec config.  It would be
nice if m0n0wall left the unaffected SPs alone, but that would require
more "smarts" in the code.

> -----Original Message-----
> From: Brian Watters [mailto:brwatters at abs dash internet dot com] 
> Sent: Sunday, February 06, 2005 6:42 PM
> To: 'Barry Mather'; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] M0n0wall to m0n0wall VPN ?
> Tried that .. However still no go .. I see something about ESP firewall
> rules being auto generated however I do not see them listed in the firewall
> rules ?? .. This should be straightforward on v1.2b3 .. Anyone have any
> insight on this  .. I have followed step by step the instructions shown in
> the URL below .. 

They don't appear in the *GUI* firewall rules.  There are lots of rules
that you can't see on the web page.  Look at "ipfstat -hnio" to see the
real ruleset.

					Fred Wright