 From:  "Mitch \(WebCob\)" <mitch at webcob dot com>
 To:  "Peter Curran" <peter at closeconsultants dot com>, "Joe Lagreca" <lagreca at gmail dot com>, "Chet Harvey" <chet at pittech dot com>
 Cc:  "Monowall List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] SNMP over IPSEC VPN possible?
 Date:  Wed, 14 Jul 2004 11:33:37 -0700
From what I've heard (significant weakness imho!) FreeBSD doesn't filter
ipsec at all.

That's what led me to play with openvpn - so it should work without rule
changes I think.


> -----Original Message-----
> From: Peter Curran [mailto:peter at closeconsultants dot com]
> Sent: Wednesday, July 14, 2004 11:25 AM
> To: Joe Lagreca; Chet Harvey
> Cc: Monowall List
> Subject: Re: [m0n0wall] SNMP over IPSEC VPN possible?
>
> In principle it should work fine, depending on how the VPN is defined.
> If it is a simple tunnel for all traffic from IP address block A to IP
> address block B then it will carry any IP traffic.
>
> SNMP uses UDP port 161.
>
> What I can't tell you is if there is any firewall config needed at the
> m0n0 end to allow access to the actual m0n0 snmp agent.  (If it was
> OpenBSD it is a no-brainer 'cause the traffic will come out of an enc(4)
> interface and you just set PF to allow the specific in from there to the
> SNMP agent on the loopback).  I have not (as yet) bothered to find out
> how IPsec VPNs work on FreeBSD - but a quick glance at the documentation
> will probably tell you.
>
> Peter