I would think if you did that it would all just work.
Was going to have a closer look at whether the remote end needs
the rules that I gave it.

Personally I think the ipsec will have configured the firewall
rules already for you at the remote end so the only addition would be
the outbound nat at the remote end. And in some configurations this
might not be required.

Thanks, Alan

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED] 
Sent: 03 August 2005 18:39
To: alan walters
Cc: [email protected]
Subject: Re: [pfSense Support] ipsec tunnel to remote gateway

Would it help if we allowed 0.0.0.0 to be entered in the WebGUI?

On 8/3/05, alan walters <[EMAIL PROTECTED]> wrote:
> Below is the xml of the remote tunnel.
>
> On the remote side I added the following rules
>
> (1) Advanced outbound NAT
>
> 192.168.168.110 to any use gateway xxx.xxx.xxx.xxx
>
> (2) firewall rules
>
> Allow 192.168.168.110 to any on interface LAN
>
> Then the following tunnel was hacked into the xml configuration file.
>
> <tunnel>
>     <interface>wan</interface>
>     <local-subnet>
>         <address>192.168.168.110</address>
>     </local-subnet>
>     <remote-subnet>0.0.0.0/0</remote-subnet>
>     <remote-gateway>xxx.xxx.xxx.xxx</remote-gateway>
>     <p1>
>         <mode>aggressive</mode>
>         <myident>
>             <myaddress/>
>         </myident>
>         <encryption-algorithm>3des</encryption-algorithm>
>         <hash-algorithm>sha1</hash-algorithm>
>         <dhgroup>2</dhgroup>
>         <lifetime>3600</lifetime>
>         <pre-shared-key>xxxxxxxxxxxx</pre-shared-key>
>         <private-key/>
>         <cert/>
>         <peercert/>
>         <authentication_method>pre_shared_key</authentication_method>
>     </p1>
>     <p2>
>         <protocol>esp</protocol>
>         <encryption-algorithm-option>3des</encryption-algorithm-option>
>         <encryption-algorithm-option>blowfish</encryption-algorithm-option>
>         <encryption-algorithm-option>cast128</encryption-algorithm-option>
>         <encryption-algorithm-option>rijndael</encryption-algorithm-option>
>         <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
>         <hash-algorithm-option>hmac_md5</hash-algorithm-option>
>         <pfsgroup>0</pfsgroup>
>         <lifetime>3600</lifetime>
>     </p2>
>     <descr>test</descr>
> </tunnel>
>
> Give it a try
>
> Alan

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

