|
||||||||
* Quoting Chris Buechler (cbuechler at gmail dot com): > On 12/15/05, Bob . <tempuserone at yahoo dot com> wrote: > > Thanks for responding to my previous post. > > > > After reviewing the recommended post it appears the problem lies with IPFilter. I was wondering if PFsense (using openbsd's packet filter) has the same problem or would it be usable in the configuration I outlined earlier. > > > > same issue, this is a freebsd and ipsec limitation, not related to > what firewall you're using. > >It's not an IPsec issue. It's possible to exclude >networks in the policies and have a setup like the >one desired. It's just not possible in the >m0n0wall ui. Btw. m0n0wall does this internally to >keep the webgui accessible: > >$ setkey -DP >192.168.1.0/24[any] 192.168.1.1[any] any > in none > spid=29 seq=3 pid=3273 > refcnt=1 >192.168.2.3[any] 192.168.1.0/24[any] any > in ipsec > esp/tunnel/192.168.2.3-192.168.2.1/unique#16400 > spid=32 seq=2 pid=3273 > refcnt=1 >192.168.1.1[any] 192.168.1.0/24[any] any > out none > spid=30 seq=1 pid=3273 > refcnt=1 >192.168.1.0/24[any] 192.168.2.3[any] any > out ipsec > esp/tunnel/192.168.2.1-192.168.2.3/unique#16399 > spid=31 seq=0 pid=3273 > refcnt=1 > >regards, Rolf Thank you for the reply and offering a solution to the problem. I really want to implement/test the solution you have offered but at this point I have no idea how to make the required patch. I have a little Linux experience (no BSD experience). I would greatly appreciate if you could expand on your solution with more a detailed procedure. If you would rather e-mail me directly instead of posting to the list please do so. Thanks in advance and I hope to hear a reply. Regards, Bob. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com |