 
 From:  "Bob ." <tempuserone at yahoo dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: IPsec WLAN to LAN without LAN access
 Date:  Fri, 16 Dec 2005 10:34:06 -0800 (PST)
> * Quoting Chris Buechler (cbuechler at gmail dot com):
> > On 12/15/05, Bob . <tempuserone at yahoo dot com> wrote:
> > > Thanks for responding to my previous post.
> > >
> > > After reviewing the recommended post it appears the problem lies with IPFilter.  I was
> > > wondering if PFsense (using openbsd's packet filter) has the same problem or would it be usable in
> > > the configuration I outlined earlier.
> > >
> >
> > same issue, this is a freebsd and ipsec limitation, not related to
> > what firewall you're using.
> >
>It's not an IPsec issue. It's possible to exclude
>networks in the policies and have a setup like the
>one desired. It's just not possible in the
>m0n0wall ui. Btw. m0n0wall does this internally to
>keep the webgui accessible:
>
>$ setkey -DP
>192.168.1.0/24[any] 192.168.1.1[any] any
>    in none
>    spid=29 seq=3 pid=3273
>    refcnt=1
>192.168.2.3[any] 192.168.1.0/24[any] any
>    in ipsec
>    esp/tunnel/192.168.2.3-192.168.2.1/unique#16400
>    spid=32 seq=2 pid=3273
>    refcnt=1
>192.168.1.1[any] 192.168.1.0/24[any] any
>    out none
>    spid=30 seq=1 pid=3273
>    refcnt=1
>192.168.1.0/24[any] 192.168.2.3[any] any
>    out ipsec
>    esp/tunnel/192.168.2.1-192.168.2.3/unique#16399
>    spid=31 seq=0 pid=3273
>    refcnt=1
>
>regards, Rolf 

Thank you for the reply and offering a solution to the problem.  I really want to implement/test the
solution you have offered but at this point I have no idea how to make the required patch.  I have a
little Linux experience (no BSD experience).  I would greatly appreciate it if you could expand on your
solution with a more detailed procedure.  If you would rather e-mail me directly instead of posting
to the list please do so.  Thanks in advance and I hope to hear a reply.  Regards, Bob.
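The policy set in Rolf's `setkey -DP` dump, written as the setkey(8) rules that would install it rather than read back from the kernel. This is an added illustration, not from the thread or from m0n0wall's own scripts; the addresses are the ones in the dump, and the 192.168.1.128/25 exclusion is an assumed stand-in for whatever network is to be kept out of the tunnel.

```conf
# Added example: setkey(8) SPD rules matching the dump above.
# 192.168.1.0/24 = LAN, 192.168.1.1 = m0n0wall's LAN address,
# 192.168.2.1 / 192.168.2.3 = local and remote tunnel endpoints.
# Load with: setkey -f <this file>

# Bypass pair m0n0wall installs itself so the webgui stays reachable:
# "none" means no IPsec processing, the traffic is passed in the clear
# (and is still subject to the normal firewall rules).
spdadd 192.168.1.0/24 192.168.1.1   any -P in  none;
spdadd 192.168.1.1   192.168.1.0/24 any -P out none;

# Assumed exclusion (hypothetical network, not from the thread): a range
# that must not be reached through the tunnel. In the dump the bypass
# entries carry lower spids than the tunnel entries, i.e. they were added
# first, so the narrower exceptions are placed before the broad policy
# here as well. Use "discard" instead of "none" if such traffic should be
# dropped rather than merely left untunneled.
spdadd 192.168.2.3      192.168.1.128/25 any -P in  none;
spdadd 192.168.1.128/25 192.168.2.3      any -P out none;

# Tunnel policies for everything else between the LAN and the remote host.
# "unique" lets the kernel assign the reqid seen as unique#16399/#16400.
spdadd 192.168.2.3 192.168.1.0/24 any -P in  ipsec
    esp/tunnel/192.168.2.3-192.168.2.1/unique;
spdadd 192.168.1.0/24 192.168.2.3 any -P out ipsec
    esp/tunnel/192.168.2.1-192.168.2.3/unique;
```

After loading, `setkey -DP` should list the bypass entries ahead of the tunnel entries in each direction, as in the dump above.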

