 From:  lola <lola at yais dot net>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] how to filter ipsec traffic?
 Date:  Tue, 25 Oct 2005 15:30:55 +0200
--

Thomas Lohner


On 24.10.2005 at 21:07, "Bjoern Euler (lists at edain)"
<lists at edain dot de> wrote:

> lola wrote:
> 
>> It doesn't matter what rules I have, IPsec mobile clients always have full
>> access to all networks. Am I missing something?
>> 
> 
> As Chris pointed out: unfortunately it is not possible at the moment
> with m0n0wall. (Though the underlying firewall software supports it.)
> 
> Possible workarounds:
> -make the VPN tunnel only use the desired network (afaik Bintec uses
> 0.0.0.0/0 as default remote subnet)
> -Set up a filter on the Bintec clients
> -Use a second firewall/m0n0wall behind your VPN box to implement the
> filtering
> 
> Regards
> 
