* Quoting Chris Buechler (cbuechler at gmail dot com):
> On 12/15/05, Bob . <tempuserone at yahoo dot com> wrote:
> > Thanks for responding to my previous post.
> > After reviewing the recommended post it appears the problem lies with IPFilter. I was
wondering if PFsense (using openbsd's packet filter) has the same problem or would it be usable in
the configuration I outlined earlier.
> same issue, this is a freebsd and ipsec limitation, not related to
> what firewall you're using.
>It's not an IPsec issue. It's possible to exclude
>networks in the policies and have a setup like the
>one desired. It's just not possible in the
>m0n0wall ui. Btw. m0n0wall does this internally to
>keep the webgui accessible:
>$ setkey -DP
>192.168.1.0/24[any] 192.168.1.1[any] any
> in none
> spid=29 seq=3 pid=3273
>192.168.2.3[any] 192.168.1.0/24[any] any
> in ipsec
> spid=32 seq=2 pid=3273
>192.168.1.1[any] 192.168.1.0/24[any] any
> out none
> spid=30 seq=1 pid=3273
>192.168.1.0/24[any] 192.168.2.3[any] any
> out ipsec
> spid=31 seq=0 pid=3273
Thank you for the reply and offering a solution to the problem. I really want to implement/test the
solution you have offered but at this point I have no idea how to make the required patch. I have a
little Linux experience (no BSD experience). I would greatly appreciate if you could expand on your
solution with more a detailed procedure. If you would rather e-mail me directly instead of posting
to the list please do so. Thanks in advance and I hope to hear a reply. Regards, Bob.
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around