On Wed, 2004-03-10 at 21:19, Manuel Kasper wrote:
> On 10.03.2004 08:31 +0100, JHead wrote:
> > I just joined the group of people who would like to filter the VPN
> > traffic.
> > Obviously it's by design not possible, isn't it?
> No - the way IPsec and ipfilter interact in FreeBSD makes it
> infeasible to filter traffic from/to VPN tunnels in a secure way.
The exact same thing happens with a Linux iptables/FreeS/WAN
implementation - the IPSEC traffic totally bypasses the firewalling
rules. This is because it is expected that the remote network/computer
being VPNed is intended to operate as if it were on the local LAN.
If you want to restrict access to the remote LAN, then ACLs need to be
implemented on your local LAN machines to allow local but not VPN
traffic. These need to be applied to all applicable machines.
Hilton Travis Phone: +61-(0)7-3343-3889
Manager, Quark AudioVisual Phone: +61-(0)419-792-394
Quark Computers http://www.QuarkAV.com/
(Brisbane, Australia) http://www.QuarkAV.net/
Open Source Projects: http://www.ares-desktop.org/
Non Linear Video Editing Solutions & Digital Audio Workstations
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Conference and Seminar AudioVisual Production and Recording
War doesn't determine who is right. War determines who is left.
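The host-based ACL described in the reply above, written out as an added example (not code from the thread, m0n0wall, or FreeS/WAN). It assumes a Linux machine on the local LAN with iptables and the conntrack and LOG modules available; the subnets 192.168.1.0/24 (local LAN), 10.99.0.0/24 (remote LAN behind the tunnel) and the single permitted remote host 10.99.0.10 are constructed placeholders, and the chain name VPN-ACL is my own choice. The script prints the ruleset for review by default and only applies it when run with --apply.

```shell
#!/bin/sh
# Host-side ACL for a LAN machine whose gateway cannot filter IPsec traffic:
# accept the local LAN, drop everything arriving from the VPN's remote network
# except one explicitly allowed host/port. All addresses below are constructed
# sample values, not taken from the thread.
set -eu

LAN_NET="${LAN_NET:-192.168.1.0/24}"     # constructed: local LAN this host sits on
VPN_NET="${VPN_NET:-10.99.0.0/24}"       # constructed: remote LAN reached via the tunnel
ADMIN_HOST="${ADMIN_HOST:-10.99.0.10}"   # constructed: remote host allowed to reach SSH here

# Emit the iptables commands as text. Matching is on plain source addresses,
# so the rules do not depend on how or where the tunnel is terminated; they
# simply treat the remote subnet as untrusted on this host.
host_acl_rules() {
    lan="$1"; vpn="$2"; admin="$3"
    cat <<EOF
iptables -N VPN-ACL
iptables -A VPN-ACL -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A VPN-ACL -s $admin -p tcp --dport 22 -j ACCEPT
iptables -A VPN-ACL -s $vpn -m limit --limit 5/min -j LOG --log-prefix "VPN-ACL drop: "
iptables -A VPN-ACL -s $vpn -j DROP
iptables -A VPN-ACL -s $lan -j ACCEPT
iptables -I INPUT 1 -j VPN-ACL
EOF
}

# Dry run prints the ruleset; "--apply" feeds it to the shell (needs root).
if [ "${1:-}" = "--apply" ]; then
    host_acl_rules "$LAN_NET" "$VPN_NET" "$ADMIN_HOST" | sh
else
    host_acl_rules "$LAN_NET" "$VPN_NET" "$ADMIN_HOST"
fi
```

Rule order matters: the explicit ADMIN_HOST accept must come before the subnet-wide drop, and the logging rule before the drop gives you a record of which remote hosts are probing. As the reply notes, this has to be installed on every LAN machine that should not be reachable from the remote side; a host without the rules is still fully exposed to tunnel traffic.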