 From:  "Kristian Shaw" <monowall at wealdclose dot co dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSEC Issues site-to-site ver 1.22
 Date:  Mon, 8 May 2006 21:32:25 +0100
Hello,

I've just checked this with my install of 1.22 and I get extra firewall 
rules created when IPSEC is enabled. They aren't visible in the GUI but can 
be seen in the ipfilter section of status.php.

# Pass ESP packets
pass in quick on ep0 proto esp from any to 82.xx.xx.xx
pass out quick on ep0 proto esp from 82.xx.xx.xx to any

..etc...

Kris.


----- Original Message ----- 
From: "Don Munyak" <don dot munyak at gmail dot com>
To: "Wilfred E. Savery" <wilfred dot savery at innovadotnet dot com>; 
<m0n0wall at lists dot m0n0 dot ch>
Sent: Monday, May 08, 2006 7:49 PM
Subject: Re: [m0n0wall] IPSEC Issues site-to-site ver 1.22


On 1/8/06, Wilfred E. Savery <wilfred dot savery at innovadotnet dot com> wrote:
> Have this same problem
> If you get it solved, let me know
>
> One question: why is it necessary to ADD ESP IPSEC rule?

In ver 1.21 ESP was added automatically. For some reason, this step
was not performed automatically when I enabled IPSEC...when it should
have...at least according to the docs.

If however you're asking why..."in general" do you have to allow ESP,
this is needed to allow IPSEC connections to work. It's my
understanding that this is the case with most router/firewalls. By
default ESP is not configured.

~ Don
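
Added example, not part of either message and not m0n0wall code: a small Python check that reads a saved copy of the ipfilter rule dump from status.php and reports whether ESP would be passed in each direction on the WAN interface. It goes slightly beyond the thread by applying ipfilter's rule ordering (last match wins, `quick` stops evaluation); the function names, the 192.0.2.10 address and the trailing block rule are assumptions.

```python
# Constructed dump modelled on the two rules quoted in the message; 192.0.2.10
# stands in for the masked WAN address, the last rule is an assumed catch-all.
SAMPLE_RULES = """\
# Pass ESP packets
pass in quick on ep0 proto esp from any to 192.0.2.10
pass out quick on ep0 proto esp from 192.0.2.10 to any
block in log quick on ep0 all
"""


def parse_rule(line):
    """Return the fields this check needs from one rule, or None."""
    tok = line.split()
    if len(tok) < 2 or tok[0] not in ("pass", "block") or tok[1] not in ("in", "out"):
        return None  # comment, blank line, or rule type not modelled

    def after(keyword):
        return tok[tok.index(keyword) + 1] if keyword in tok[:-1] else None

    return {"action": tok[0], "dir": tok[1], "quick": "quick" in tok,
            "iface": after("on"), "proto": after("proto")}


def esp_verdict(rules_text, iface, direction):
    """Return 'pass', 'block' or None (no rule matched) for ESP traffic.

    ipfilter semantics: the last matching rule wins, unless a matching rule
    carries `quick`, which ends evaluation at once. Simplification:
    addresses are not compared and group/head/skip rules are not modelled.
    """
    verdict = None
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["dir"] != direction:
            continue
        if rule["iface"] not in (None, iface) or rule["proto"] not in (None, "esp"):
            continue
        verdict = rule["action"]
        if rule["quick"]:
            break
    return verdict


def check_esp(rules_text, iface):
    """Verdict for ESP in each direction on one interface."""
    return {d: esp_verdict(rules_text, iface, d) for d in ("in", "out")}


print(check_esp(SAMPLE_RULES, "ep0"))
```

A result of `None` for a direction means no rule in the dump matched ESP there, which is the situation described for the install where the rules were not created automatically.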
