 From:  "Bob ." <tempuserone at yahoo dot com>
 To:  monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: IPsec WLAN to LAN without LAN acess
 Date:  Fri, 16 Dec 2005 17:11:55 -0800 (PST)
On 12/16/05, Rolf Kutz <kutz at netcologne dot de> wrote:
> * Quoting Chris Buechler (cbuechler at gmail dot com):
> > >
> > > After reviewing the recommended post it appears the problem lies with IPFilter.  I was
> > > wondering if pfSense (using OpenBSD's packet filter) has the same problem or would it be usable in
> > > the configuration I outlined earlier.
> > >
> >
> > same issue, this is a freebsd and ipsec limitation, not related to
> > what firewall you're using.
> It's not an IPsec issue.
>filtering capabilities (or the lack thereof) on IPsec connections most
>certainly *is* a FreeBSD and IPsec issue.
>Excluding the LAN subnet from the SPD is a good idea for a workaround
>though.  But, as you said, not possible in the GUI at this point.
>This would be a nice change to see.  Also would be nice to accommodate
>multiple subnets per connection at the same time.  That's another
>annoying limitation, and the two seem to be things that fit well
>together (i.e. a list of subnets, which can be either included or

I have been reading this afternoon about "setkey" on the OpenBSD and FreeBSD sites.  I still need
some guidance on the procedure.  I really would like to learn more about manually setting up the SPD
policy but could definitely use some help.  Would greatly appreciate any information anyone has to
offer on using "setkey".  Thanks, Bob.
