I see they know. http://www.freebsd.org/cgi/man.cgi?query=setkey&sektion=8
No other alternatives to selectively route ports to an ipsec vpn?

*BUGS* <http://www.freebsd.org/cgi/man.cgi?query=setkey&sektion=8#end>

The *setkey* utility should report and handle syntax errors better.

For IPsec gateway configuration, *src_range* and *dst_range* with TCP/UDP port number do not work, as the gateway does not reassemble packets (cannot inspect upper-layer headers).

On Wed, Feb 12, 2014 at 3:25 PM, Ermal Luçi <[email protected]> wrote:

> You need to tell even racoon about this.
>
> On Wed, Feb 12, 2014 at 2:35 PM, Erik Friesen <[email protected]> wrote:
>
>> I have been trying to set up an ipsec vpn to only route from/to tcp port
>> 80 and 440. The vpn sets up fine, but since there is no setting in the gui
>> for ports, I have taken to hand trying some different SPDs.
>>
>> From the command line:
>> setkey -FP - erases current spd's
>> setkey -f filename - loads new file
>>
>> this is one I have tried -
>> spdadd -4 192.168.0.1/32 192.168.0.0/24 any -P out none;
>> spdadd -4 192.168.0.0/24 192.168.0.1/32 any -P in none;
>> spdadd -4 192.168.0.0/24[any] 0.0.0.0/0[80] tcp -P out ipsec
>> esp/tunnel/69.27.61.178-199.19.252.164/unique;
>> spdadd -4 0.0.0.0/0[any] 192.168.0.0/24[80] tcp -P in ipsec
>> esp/tunnel/199.19.252.164-69.27.61.178/unique;
>>
>> and many other combinations between the []. However, a port number seems
>> to break it, where no traffic gets routed to the ipsec interface.
>>
>> I know this would take a bit of coding to inhibit the auto update from
>> xml, but otherwise would this be doable if setkey/racoon?? would cooperate?
>> Or are there other factors at play?
> --
> Ermal
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
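A static check for the condition the setkey BUGS note describes, added here as an example (not code from the thread or from pfSense): it scans a setkey policy file for `spdadd` entries that combine a port selector with an ipsec tunnel-mode policy. The function names `port_of` and `lint` are hypothetical, and the sample input is the four policy lines from Erik's message.

```python
import re

# spdadd [-46n] src_range dst_range upperspec -P direction policy ;
SPDADD = re.compile(
    r"spdadd\s+(?:-[46n]+\s+)*(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+"
    r"-P\s+(?P<dir>in|out|fwd)\s+(?P<policy>[^;]*);"
)
# A range is address[/prefixlen] optionally followed by [port]
RANGE = re.compile(r"^(?P<addr>[^\[\]]+)(?:\[(?P<port>[^\]]+)\])?$")

# Policy lines as posted in the thread
SAMPLE = """
spdadd -4 192.168.0.1/32 192.168.0.0/24 any -P out none;
spdadd -4 192.168.0.0/24 192.168.0.1/32 any -P in none;
spdadd -4 192.168.0.0/24[any] 0.0.0.0/0[80] tcp -P out ipsec
esp/tunnel/69.27.61.178-199.19.252.164/unique;
spdadd -4 0.0.0.0/0[any] 192.168.0.0/24[80] tcp -P in ipsec
esp/tunnel/199.19.252.164-69.27.61.178/unique;
"""

def port_of(rng):
    """Return the port selector of a range, or None for no port / [any]."""
    m = RANGE.match(rng)
    port = m.group("port") if m else None
    return None if port in (None, "any") else port

def lint(text):
    """List (direction, src, dst, upperspec) for each tunnel-mode ipsec
    policy whose src_range or dst_range carries a specific port."""
    text = re.sub(r"#.*", "", text)  # drop setkey comments
    findings = []
    for m in SPDADD.finditer(text):
        has_port = port_of(m["src"]) or port_of(m["dst"])
        tokens = m["policy"].split()
        is_tunnel = "ipsec" in tokens and "/tunnel/" in m["policy"]
        if has_port and is_tunnel:
            findings.append((m["dir"], m["src"], m["dst"], m["proto"]))
    return findings

if __name__ == "__main__":
    for direction, src, dst, proto in lint(SAMPLE):
        print(f"port selector on tunnel policy ({direction}): {src} -> {dst} {proto}")
```

It only reads the policy text; it does not query the kernel SPD, so it flags entries the BUGS note covers without confirming how a given gateway behaves.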
