lola wrote:
> it doesn't matter what rules I have, ipsec mobile clients always have full
> access to all networks. Am I missing something?
>
As Chris pointed out: unfortunately it is not possible at the moment
with m0n0wall. (Though the underlying firewall software supports it.)
Possible workarounds:
- Make the VPN tunnel only use the desired network (afaik Bintec uses
  0.0.0.0/0 as default remote subnet)
- Set up a filter on the Bintec clients
- Use a second firewall/m0n0wall behind your VPN box to implement the
  filtering
Regards
-Björn