On 7/26/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> > The other things that were 'broken' were to do with the way IPSec
> > tunnels were 'kludged' into the kernel (as one person said) and
> > therefore stop me from using the IPSec tunnels to do cool stuff. Has
> > any of this changed now that FreeBSD 6 is used as opposed to 4.11 as a base?
>
> I don't really know anything about m0n0 or FreeBSD 4.11...what were
> the issues? I do wish that FreeBSD tied IPSec tunnels to a logical
> interface like OpenBSD does, but I hear we can do "stuff" with gif
> interfaces. I plan on looking into that soon as filtering over VPN
> today kinda sucks w/out an interface to apply a rule to.
>

Filtering over VPN is the only real limitation of IPsec (aside from an utter lack of commercial-quality features in that version of racoon, some of which (NAT-T) are still an issue because of lacking kernel support).

> > I wanted SNMP traffic stats reported back to an NMS but this couldn't be
> > done over the IPSec tunnel unless I did some odd static routing to route
> > the traffic back to the IPSec interface, and when lots of m0n0walls got
> > involved this made pings and traceroutes look very strange.
>
> We've got an snmp daemon. Dunno if anyone is running it over IPSec
> but I don't see why it shouldn't work assuming your tunnels are set up
> correctly.
>

Same issue as m0n0wall. http://m0n0.ch/wall/docbook/faq-snmpovervpn.html I'm querying Scott's firewall over VPN and had to throw in a static route for it to work.

-cmb
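The static-route workaround mentioned above comes down to source address selection: with policy-based IPsec (the KAME SPD used on FreeBSD) there is no tunnel interface, so an SNMP reply generated by the firewall itself picks its source address from whatever interface the routing table chooses, and the security policy only matches if that source falls inside the tunnel's local subnet. The following Python model is an added illustration, not code from this thread or from m0n0wall/pfSense; the addresses, routing table and SPD entries are constructed for the example.

```python
from ipaddress import ip_network, ip_address

# Constructed addressing plan (assumption, not from the thread):
# firewall with a WAN and a LAN, and an IPsec tunnel between the local
# LAN and a remote LAN where the SNMP manager lives.
LOCAL_LAN = ip_network("192.168.1.0/24")
REMOTE_LAN = ip_network("192.168.2.0/24")
WAN_IP = "203.0.113.10"
LAN_IP = "192.168.1.1"

# Routing table entries: (prefix, interface name, address of that interface).
ROUTES_WITHOUT_STATIC = [
    (ip_network("0.0.0.0/0"), "wan", WAN_IP),
    (LOCAL_LAN, "lan", LAN_IP),
]
# The FAQ-style fix: a static route for the remote subnet pointing at the
# LAN side, so locally generated packets are sourced from the LAN address.
ROUTES_WITH_STATIC = ROUTES_WITHOUT_STATIC + [(REMOTE_LAN, "lan", LAN_IP)]

# Security policy database: only LOCAL_LAN -> REMOTE_LAN is tunnelled.
SPD = [(LOCAL_LAN, REMOTE_LAN, "ipsec")]


def lookup(routes, dst):
    """Longest-prefix match; returns (interface, interface address)."""
    dst = ip_address(dst)
    best = None
    for prefix, iface, addr in routes:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface, addr)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def source_for(routes, dst):
    """A packet the firewall originates takes the outgoing interface's address."""
    _iface, addr = lookup(routes, dst)
    return addr


def spd_action(src, dst):
    """Return the SPD action for a (src, dst) pair; no match means plain routing."""
    src, dst = ip_address(src), ip_address(dst)
    for local, remote, action in SPD:
        if src in local and dst in remote:
            return action
    return "bypass"  # not tunnelled: sent in the clear via the normal route


def snmp_reply_path(routes, manager):
    """Source address chosen for an SNMP reply to `manager`, and what IPsec does with it."""
    src = source_for(routes, manager)
    return src, spd_action(src, manager)


if __name__ == "__main__":
    manager = "192.168.2.50"  # constructed NMS address on the remote LAN
    print("without static route:", snmp_reply_path(ROUTES_WITHOUT_STATIC, manager))
    print("with static route:   ", snmp_reply_path(ROUTES_WITH_STATIC, manager))
```

Without the static route the reply to the manager follows the default route, is sourced from the WAN address, misses the SPD selector and never enters the tunnel; with the route added the same reply is sourced from the LAN address, matches the policy and is encrypted. The same selector mismatch is what makes pings and traceroutes from the firewall itself look odd over a policy-based tunnel.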
