pf doesn't have any method of separating out the isakmp or esp traffic. There's been some talk of ipsec state code, but I don't know when FreeBSD will see it (certainly not before it's implemented in Open's pf, I'm sure). If you have multiple IP addresses, you could use 1:1 NATs to solve this (I have coworkers that use this to have multiple workstations connected to our IPSec devices).
--Bill

On 10/18/06, Mikael Syska <[EMAIL PROTECTED]> wrote:
Hi,

Thanks for a great product.

I am running the Racoon IPSEC server and it all works great, except that if 2 clients are behind the same firewall, only one of them will be able to make the connection to the VPN server. Am I doing anything wrong here?

I have problems with roadwarriors using aggressive mode. I'm using SafeNet SoftRemoteLT VPN clients. I know it works with the isakmpd IPSEC server from an earlier setup I have had.

It does not work both behind another pfsense firewall, and some other unknown firewall that I don't know the name of .....

What are my options? Is this the right behavior? Or is there something set up completely wrong in the Racoon ipsec setup?

Kind regards,
Mikael Syska