From what I've heard (significant weakness imho!) FreeBSD doesn't filter
ipsec at all.
That's what led me to play with openvpn - so it should work without rule
changes I think.
m/
> -----Original Message-----
> From: Peter Curran [mailto:peter at closeconsultants dot com]
> Sent: Wednesday, July 14, 2004 11:25 AM
> To: Joe Lagreca; Chet Harvey
> Cc: Monowall List
> Subject: Re: [m0n0wall] SNMP over IPSEC VPN possible?
>
>
> In principle it should work fine, depending on how the VPN is defined.
>
> If it is a simple tunnel for all traffic from IP address block A
> to IP address block B then it will carry any IP traffic.
>
> SNMP uses UDP port 161.
>
> What I can't tell you is if there is any firewall config needed
> at the m0n0 end to allow access to the actual m0n0 snmp agent.
> (If it was OpenBSD it is a no brainer 'cause the traffic will come
> out of an enc(4) interface and you just set PF to allow the specific
> in from there to the SNMP agent on the loopback). I have not (as yet)
> bothered to find out how IPsec VPNs work on FreeBSD - but a quick
> glance at the documentation will probably tell you.
>
> Peter
>