You need to tell even racoon about this.
On Wed, Feb 12, 2014 at 2:35 PM, Erik Friesen <[email protected]> wrote:

> I have been trying to set up an ipsec vpn to only route from/to tcp port
> 80 and 440. The vpn sets up fine, but since there is no setting in the gui
> for ports, I have taken to hand trying some different SPDs.
>
> From the command line:
> setkey -FP - erases current SPDs
> setkey -f filename - loads new file
>
> this is one I have tried -
> spdadd -4 192.168.0.1/32 192.168.0.0/24 any -P out none;
> spdadd -4 192.168.0.0/24 192.168.0.1/32 any -P in none;
> spdadd -4 192.168.0.0/24[any] 0.0.0.0/0[80] tcp -P out ipsec
> esp/tunnel/69.27.61.178-199.19.252.164/unique;
> spdadd -4 0.0.0.0/0[any] 192.168.0.0/24[80] tcp -P in ipsec
> esp/tunnel/199.19.252.164-69.27.61.178/unique;
>
> and many other combinations between the []. However, a port number seems
> to break it, where no traffic gets routed to the ipsec interface.
>
> I know this would take a bit of coding to inhibit the auto update from
> xml, but otherwise would this be doable if setkey/racoon?? would cooperate?
> Or are there other factors at play?
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list

-- 
Ermal
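One way to check the consistency Ermal's reply calls for, as an added example that is not pfSense, setkey or racoon code: the script below parses the spdadd lines handed to "setkey -f" together with the sainfo lines in racoon.conf and reports every policy whose address, port and protocol selectors no sainfo covers. The SPD file and racoon.conf fragment are constructed samples (RFC 5737 tunnel endpoints), and the "address NET [PORT] PROTO" sainfo form is assumed from racoon.conf(5).

```python
import re

# Constructed sample inputs (RFC 5737 addresses): an SPD file of the kind loaded with
# "setkey -f", and a racoon.conf sainfo that only lists port 80, not 440.
SPD_FILE = """
spdadd -4 192.168.0.0/24[any] 0.0.0.0/0[80] tcp -P out ipsec esp/tunnel/203.0.113.1-198.51.100.1/unique;
spdadd -4 0.0.0.0/0[80] 192.168.0.0/24[any] tcp -P in ipsec esp/tunnel/198.51.100.1-203.0.113.1/unique;
spdadd -4 192.168.0.0/24[any] 0.0.0.0/0[440] tcp -P out ipsec esp/tunnel/203.0.113.1-198.51.100.1/unique;
"""
RACOON_CONF = "sainfo address 192.168.0.0/24 [any] tcp address 0.0.0.0/0 [80] tcp { encryption_algorithm aes; }"

def split_selector(tok):
    # "192.168.0.0/24[80]" -> ("192.168.0.0/24", "80"); no brackets means port "any"
    m = re.fullmatch(r"([^\[]+)(?:\[(\w+)\])?", tok)
    return m.group(1), m.group(2) or "any"

def parse_spd(text):
    # (src, sport, dst, dport, proto, direction) per spdadd line; -4/-6/-n flags are skipped
    rules = []
    for line in text.splitlines():
        toks = [t for t in line.strip().rstrip(";").split() if not re.fullmatch(r"-[46n]", t)]
        if toks[:1] == ["spdadd"]:
            (src, sport), (dst, dport) = split_selector(toks[1]), split_selector(toks[2])
            rules.append((src, sport, dst, dport, toks[3], toks[5]))  # toks[4] is "-P"
    return rules

def parse_sainfo(text):
    # (local_id, remote_id) per sainfo line, each id = (net, port, proto); assumes the
    # racoon.conf form "sainfo address NET [PORT] PROTO address NET [PORT] PROTO { ... }"
    pairs = []
    for line in text.splitlines():
        toks = re.sub(r"\s+\[", "[", line).replace("{", " ").split()  # glue "[80]" to its net
        if len(toks) >= 7 and toks[0] == "sainfo" and toks[1] in ("address", "subnet"):
            pairs.append(tuple(split_selector(toks[j]) + (toks[j + 1],) for j in (2, 5)))
    return pairs

def covers(sainfo_id, net, port, proto):
    s_net, s_port, s_proto = sainfo_id
    return s_net == net and s_port in ("any", port) and s_proto in ("any", proto)

def unmatched_policies(spd_text, racoon_text):
    # SPD policies no sainfo covers: racoon cannot negotiate a phase 2 SA for their traffic
    pairs, missing = parse_sainfo(racoon_text), []
    for src, sport, dst, dport, proto, direction in parse_spd(spd_text):
        local, remote = ((src, sport), (dst, dport)) if direction == "out" else ((dst, dport), (src, sport))
        if not any(covers(l, *local, proto) and covers(r, *remote, proto) for l, r in pairs):
            missing.append((src, sport, dst, dport, proto, direction))
    return missing

MISSING = unmatched_policies(SPD_FILE, RACOON_CONF)  # only the port 440 policy is reported
```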
