[ previous ] [ next ] [ threads ]
 
 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  Manuel Kasper <mk at neon1 dot net>, JHead <joggelichopf at hotmail dot com>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] filtering VPN traffic
 Date:  Thu, 11 Mar 2004 15:48:35 -0700 
At 04:19 AM 3/10/2004, Manuel Kasper wrote:
>On 10.03.2004 08:31 +0100, JHead wrote:
>>I just join the group of people who would like to filtert the VPN 
>>traffic. Obviously its by design not possible, isn't it?
>
>No - the way IPsec and ipfilter interact in FreeBSD makes it
>infeasible to filter traffic from/to VPN tunnels in a secure way.

Unless you set up two m0n0walls back to back and let one be the VPN 
endpoint and the second do the filtering.

          -crl
--
Chad R. Larson (CRL22)    chad at eldocomp dot com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228

-- CONFIDENTIALITY NOTICE --

This message is intended for the sole use of the individual and entity to whom it is addressed, and
may contain information that is privileged, confidential and exempt from disclosure under applicable
law. If you are not the intended addressee, nor authorized to receive for the intended addressee,
you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or
any information contained in the message. If you have received this message in error, please
immediately advise the sender by reply email, and delete the message. Thank you.