On 12/16/05, Rolf Kutz <kutz at netcologne dot de> wrote:
> * Quoting Chris Buechler (cbuechler at gmail dot com):
> > >
> > > After reviewing the recommended post it appears the problem lies with IPFilter. I was wondering if PFsense (using openbsd's packet filter) has the same problem or would it be usable in the configuration I outlined earlier.
> > >
> >
> > same issue, this is a freebsd and ipsec limitation, not related to
> > what firewall you're using.
>
> It's not an IPsec issue.

Filtering capabilities (or the lack thereof) on IPsec connections most certainly *is* a FreeBSD and IPsec issue.

Excluding the LAN subnet from the SPD is a good idea for a workaround though. But, as you said, not possible in the GUI at this point. This would be a nice change to see. Also would be nice to accommodate multiple subnets per connection at the same time. That's another annoying limitation, and the two seem to be things that fit well together (i.e. a list of subnets, which can be either included or excluded).

-Chris