Hi all,

The IPsec gateway acts as a packet filter with policy routing. Here is the part that controls traffic to the box itself:
---------------
...
#-------------------------------------------------------------------------------
# ipsec gateway
#-------------------------------------------------------------------------------
pass in quick on $red_if inet proto udp from <road_worrier_net> port isakmp \
                        to $all_red_addresses port isakmp $udp_options
pass in quick on $red_if inet proto esp from <road_worrier_net> \
                        to $all_red_addresses
# Need to allow ipencap traffic on enc0.
pass in quick on enc0 proto ipencap from <road_worrier_net> \
                        to $all_red_addresses keep state (if-bound)
#-------------------------------------------------------------------------------
# bgpd
#-------------------------------------------------------------------------------

##pass in quick on enc0 inet proto tcp from <green_ifs> \
## to <green_ifs> port bgp tagged FROM_VPN $tcp_options

block in log quick from any to <self>                             label "block FW in"
...
---------------
When I try to allow some traffic to a local daemon through the VPN, like the commented rule above, the VPN starts stuttering (pings stop after 10 pings, etc.).
The opposite direction, at some other place, looks like:
---------------
...
##pass out quick on enc0 inet proto tcp from <green_ifs> to <green_ifs> port bgp \
##                                                      $tcp_options
...
---------------
I have no idea what's going on here. pflog shows no blocked traffic.
Any help heavily appreciated.
Axel
---
axel....@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos claudius
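For readers who want to see the whole pattern in one place: the following pf.conf fragment is an added example and is not the original poster's ruleset. It keeps the post's interface and table names, but the macro values and the table contents are constructed placeholders, and the rule for the local daemon (bgpd here) is written against the built-in `self` address rather than the post's `<self>` table.

```pf
# Added example, not the original poster's configuration.
# Macro values and table members are constructed placeholders.
red_if            = "em0"                      # assumed: outside interface
all_red_addresses = "{ 203.0.113.10 }"         # assumed: gateway's public address(es)
tcp_options       = "flags S/SA keep state"    # assumed content of the post's $tcp_options

table <road_worrier_net> { 198.51.100.0/24 }   # constructed: remote IKE peers
table <green_ifs>        { 10.0.0.0/8 }        # constructed: inside networks

#-------------------------------------------------------------------------------
# ipsec gateway: IKE and ESP arrive on the outside interface
#-------------------------------------------------------------------------------
pass in quick on $red_if inet proto udp from <road_worrier_net> port isakmp \
                        to $all_red_addresses port isakmp keep state
pass in quick on $red_if inet proto esp from <road_worrier_net> \
                        to $all_red_addresses

# The decapsulated tunnel traffic is seen again, this time on enc0.
pass in quick on enc0 proto ipencap from <road_worrier_net> \
                        to $all_red_addresses keep state (if-bound)

#-------------------------------------------------------------------------------
# bgpd: inner traffic to a daemon on the gateway itself, arriving via the tunnel
#-------------------------------------------------------------------------------
pass in  quick on enc0 inet proto tcp from <green_ifs> to self port bgp $tcp_options
pass out quick on enc0 inet proto tcp from self port bgp to <green_ifs> $tcp_options

block in log quick from any to self label "block FW in"
```

Two pf facts matter when reading this against the post's excerpt. First, `tagged FROM_VPN` only matches packets that an earlier rule marked with `tag FROM_VPN`; the excerpt shows no such rule, so if it lives in one of the elided parts it needs to precede the bgp rule. Second, a state is floating by default and matches the reply on any interface, while a state created with `(if-bound)` matches only on the interface it was created on; with floating states the `pass out` rule above is not strictly required for the reply, with if-bound states it is. The usual checks are `pfctl -sr -vv` for per-rule match counters, `pfctl -ss` for the states that exist on enc0, and `tcpdump -n -i enc0` to see which packets actually reach the filter there.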
