* Quoting Chris Buechler (cbuechler at gmail dot com):
> On 12/15/05, Bob . <tempuserone at yahoo dot com> wrote:
> > Thanks for responding to my previous post.
> > After reviewing the recommended post it appears the problem lies with IPFilter. I was wondering
if PFsense (using openbsd's packet filter) has the same problem or would it be usable in the
configuration I outlined earlier.
> same issue, this is a freebsd and ipsec limitation, not related to
> what firewall you're using.
It's not an IPsec issue. It's possible to exclude
networks in the policies and have a setup like the
one desired. It's just not possible in the
m0n0wall ui. Btw. m0n0wall does this internally to
keep the webgui accessible:
$ setkey -DP
192.168.1.0/24[any] 192.168.1.1[any] any
spid=29 seq=3 pid=3273
192.168.2.3[any] 192.168.1.0/24[any] any
spid=32 seq=2 pid=3273
192.168.1.1[any] 192.168.1.0/24[any] any
spid=30 seq=1 pid=3273
192.168.1.0/24[any] 192.168.2.3[any] any
spid=31 seq=0 pid=3273