From what I've heard (significant weakness imho!) FreeBSD doesn't filter
ipsec at all.
That's what lead me to play with openvpn - so it should work without rule
changes I think.
> -----Original Message-----
> From: Peter Curran [mailto:peter at closeconsultants dot com]
> Sent: Wednesday, July 14, 2004 11:25 AM
> To: Joe Lagreca; Chet Harvey
> Cc: Monowall List
> Subject: Re: [m0n0wall] SNMP over IPSEC VPN possible?
> In principle it should work fine, depending on how the VPN is defined.
> If it is a simple tunnel for all traffic from IP address block A
> to IP address
> block B then it will carry any IP traffic.
> SNMP uses UDP port 161
> What I can't tell you is if there is any firewall config needed
> at the m0n0
> end to allow access to the actual m0n0 snmp agent. (If it was
> OpenBSD it is
> a no brainer 'cause the traffic will come out of an enc(4)
> interface and you
> just set PF to allow the specific in from there to the SNMP agent on the
> loopback). I have not (as yet) bothered to find out how IPsec
> VPNs work on
> FreeBSD - but a quick glance at the documentation will probably tell you.