 From:  Rolf Kutz <kutz at netcologne dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: IPsec WLAN to LAN without LAN acess
 Date:  Fri, 16 Dec 2005 12:36:26 +0100
* Quoting Chris Buechler (cbuechler at gmail dot com):
> On 12/15/05, Bob . <tempuserone at yahoo dot com> wrote:
> > Thanks for responding to my previous post.
> >
> > After reviewing the recommended post it appears the problem lies with IPFilter.  I was wondering
> > if PFsense (using openbsd's packet filter) has the same problem or would it be usable in the
> > configuration I outlined earlier.
> >
> same issue, this is a freebsd and ipsec limitation, not related to
> what firewall you're using.

It's not an IPsec issue. It's possible to exclude
networks in the policies and have a setup like the
one desired. It's just not possible in the
m0n0wall ui. Btw. m0n0wall does this internally to
keep the webgui accessible:

$ setkey -DP
[any][any] any
	in none
	spid=29 seq=3 pid=3273
	refcnt=1
[any][any] any
	in ipsec
	spid=32 seq=2 pid=3273
	refcnt=1
[any][any] any
	out none
	spid=30 seq=1 pid=3273
	refcnt=1
[any][any] any
	out ipsec
	spid=31 seq=0 pid=3273

regards, Rolf
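
Added example, not part of the message above and not m0n0wall code: a small audit of a `setkey -DP` dump that lists every `none` (bypass) policy together with the `ipsec` policies it carves traffic out of, which is the exclusion mechanism described in the message. The addresses in the sample are constructed, and the function names `parse_spd` and `cleartext_exemptions` are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout `setkey -DP` prints; every address and
# id below is made up for illustration and does not come from the post.
SAMPLE = """\
192.168.1.0/24[any] 192.168.1.1[any] any
\tin none
\tspid=1 seq=3 pid=100
192.168.1.0/24[any] 0.0.0.0/0[any] any
\tin ipsec
\tesp/tunnel/192.168.1.50-192.168.1.1/require
\tspid=2 seq=2 pid=100
192.168.1.1[any] 192.168.1.0/24[any] any
\tout none
\tspid=3 seq=1 pid=100
0.0.0.0/0[any] 192.168.1.0/24[any] any
\tout ipsec
\tesp/tunnel/192.168.1.1-192.168.1.50/require
\tspid=4 seq=0 pid=100
"""

# Entry header: "src[port] dst[port] proto", starting in column 0.
HEADER = re.compile(r"^(\S+?)\[\S+?\]\s+(\S+?)\[\S+?\]\s+(\S+)$")

def parse_spd(text):
    """Return one dict per SPD entry: src, dst, direction, policy."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"src": ipaddress.ip_network(m.group(1), strict=False),
                            "dst": ipaddress.ip_network(m.group(2), strict=False),
                            "direction": None, "policy": None})
        elif entries and entries[-1]["policy"] is None:
            parts = line.split()  # first indented line: "<in|out> <policy>"
            if len(parts) >= 2 and parts[0] in ("in", "out"):
                entries[-1]["direction"], entries[-1]["policy"] = parts[:2]
    return entries

def cleartext_exemptions(entries):
    """Pair each 'none' entry with the ipsec entries whose ranges it overlaps."""
    def overlapping(e):
        return [p for p in entries
                if p["policy"] == "ipsec" and p["direction"] == e["direction"]
                and p["src"].overlaps(e["src"]) and p["dst"].overlaps(e["dst"])]
    return [(e, overlapping(e)) for e in entries if e["policy"] == "none"]
```

Each pair returned by `cleartext_exemptions(parse_spd(SAMPLE))` is traffic that leaves or enters in the clear even though a broader `ipsec` policy covers the same range, so the list should contain only exemptions that are intended.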