I have been trying to set up an IPsec VPN to only route from/to TCP ports 80
and 440.  The VPN sets up fine, but since there is no setting in the GUI
for ports, I have taken to trying some different SPDs by hand.

From the command line:
setkey -FP  - erases current SPDs
setkey -f filename - loads new file

This is one I have tried:
spdadd -4 192.168.0.1/32 192.168.0.0/24 any -P out none;
spdadd -4 192.168.0.0/24 192.168.0.1/32 any -P in none;
spdadd -4 192.168.0.0/24[any] 0.0.0.0/0[80] tcp -P out ipsec
esp/tunnel/69.27.61.178-199.19.252.164/unique;
spdadd -4 0.0.0.0/0[any] 192.168.0.0/24[80] tcp -P in ipsec
esp/tunnel/199.19.252.164-69.27.61.178/unique;

and many other combinations between the [].  However, a port number seems
to break it, where no traffic gets routed to the IPsec interface.

I know this would take a bit of coding to inhibit the auto update from XML,
but otherwise would this be doable if setkey/racoon would cooperate?  Or
are there other factors at play?
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
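A setkey policy file for the port-restricted case, added here as an illustration; it is not taken from the post above and is not pfSense's own configuration. The LAN subnet, tunnel endpoints, the 0.0.0.0/0 remote selector and the ports 80 and 440 are reused from the post as written. Each outbound policy is paired with an inbound one whose selectors are mirrored (remote port to any local port), which is what the return half of a TCP connection initiated from the LAN looks like; with the `unique` level every spdadd line gets its own SA, so the IKE peer has to accept phase 2 selectors that carry those ports, and a peer that only offers subnet-to-subnet selectors will leave the port-specific policies without an SA.

```conf
# Constructed example, not from the post. Flush the old policies first:
#   setkey -FP
# then load this file:
#   setkey -f /path/to/this_file
# and confirm what is installed with:
#   setkey -DP

# Traffic between the firewall and its own LAN never enters the tunnel.
spdadd 192.168.0.1/32 192.168.0.0/24 any -P out none;
spdadd 192.168.0.0/24 192.168.0.1/32 any -P in none;

# LAN clients -> remote servers on TCP 80 and 440 (ports as named in the post).
spdadd 192.168.0.0/24[any] 0.0.0.0/0[80] tcp -P out ipsec
        esp/tunnel/69.27.61.178-199.19.252.164/unique;
spdadd 192.168.0.0/24[any] 0.0.0.0/0[440] tcp -P out ipsec
        esp/tunnel/69.27.61.178-199.19.252.164/unique;

# Return traffic: remote port 80/440 back to any LAN port (selectors mirrored).
spdadd 0.0.0.0/0[80] 192.168.0.0/24[any] tcp -P in ipsec
        esp/tunnel/199.19.252.164-69.27.61.178/unique;
spdadd 0.0.0.0/0[440] 192.168.0.0/24[any] tcp -P in ipsec
        esp/tunnel/199.19.252.164-69.27.61.178/unique;
```

Without an inbound policy for the reply direction, outbound packets match the tunnel but the replies arrive with no matching SPD entry and are dropped, so both directions need the port selector; any other traffic simply falls through to normal routing because no policy covers it.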