 From:  "Michael Whitby" <m dot whitby at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VPN Traffic Filtering
 Date:  Wed, 17 May 2006 21:17:52 +0100
On 5/15/06, Chris Buechler <cbuechler at gmail dot com> wrote:

> > Hi all - sorry for asking this as I believe it will repeat what has been
> > asked previously. It seems that m0n0wall cannot (or at least could not)
> > filter or traffic shape traffic going through IPSEC, is this still the
> > case?
>
> I don't know about shaping, but you can firewall outbound IPsec
> traffic just fine, just not incoming.

I presume you would filter on the LAN interface when the traffic is going to
a subnet that is connected to the other end of the IPSec tunnel? I had
thought about doing this for traffic shaping - does anyone know how this
would work? I mean I could make a rule that specifies traffic must go
through the LAN interface and be destined for the subnet on the other end of
the IPSec tunnel which then puts the traffic into a queue which is for IPSec
- would this work?

I'm not so sure how the packet shaper works - being as the queues are
interface specific I presume they are purely just queues that hold packets
until it is that packet's turn to go out of the queue (and assuming the
tunnel is free to use) and then are simply sent using the routing table?

Could someone advise how it works or confirm what I've written if it's right?

> > Also - does this apply to PPTP VPNs?
>
> no.  Well, not for filtering, I have no idea for the shaper.
> -Chris

Are there any plans to add "IPSec" as an entry to the filter/traffic shaper
such as PPTP is?

Cheers Chris

- Michael