Hi all,

I'm using FreeBSD 6.2-p9 on my server, which acts as an IPsec router using
ipsec-tools. This works fine...
But now I need to filter traffic which comes from the local private network to
the VPN private network. I tried to do this with pf and using keep state. The
return packets just get dropped.
So I reread the gif manpage and read about the IPSEC_FILTERGIF option. I
rebuilt the kernel with the option and tried it again. No luck!

So I suspect this option is only valid for ipfw and ipf?

Any idea how I can use pf + IPsec (over gif interface) to filter the needed
stuff?
This, for example, does not work:

LOCAL_NET = 10.0.0.0/24
VPN_REMOTE_NET = 192.168.10.0/28

pass proto tcp from $LOCAL_NET to $VPN_REMOTE_NET port 22 flags S/SA keep state


This works:

LOCAL_NET = 10.0.0.0/24
VPN_REMOTE_NET = 192.168.10.0/28

pass proto tcp from $LOCAL_NET to $VPN_REMOTE_NET port 22
pass proto tcp from $VPN_REMOTE_NET port 22 to $LOCAL_NET

Thx for the help

bye
Norman


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions