On 04/28/2012 09:44 AM Uttam Singh wrote:
> I needed to use "ping -S <source ip-address>..." when pinging an
> ipsec-network host from the pf device itself.

Correct.

> Any ideas on how to make this work for iperf in client mode?
>
> Is there any way to specify a "default System IP Address"?
>
> I see that a Virtual IP can only be created for LAN or WAN interface
> but not IPSEC interface.

You'll have to create a bogus static route...

----------------------------------8<--------------------------------------
[...]
Due to the way IPsec tunnels are kludged into the FreeBSD kernel, any traffic *initiated* by m0n0wall to go through an IPsec tunnel gets the wrong source IP (and typically doesn't go through the tunnel at all as a result). Theoretically this *shouldn't* be an issue for the *server* side of SNMP, but perhaps the server has a bug (well, deficiency, at least) where it doesn't send the response out through a socket bound to the request packet. You can fake it out by adding a bogus static route to the remote end of the tunnel via the m0n0wall's LAN IP (assuming that's within the near-end tunnel range). A good test is to see whether you can ping something at the remote end of the tunnel (e.g. the SNMP remote) *from* the m0n0wall. There's an annoying but mostly harmless side-effect to this - every LAN packet to the tunnel elicits a no-change ICMP Redirect.
[...]
To do this on 2.0, click System > Routing. On the Gateways tab, click + and add a gateway using your LAN IP address (check the box to disable monitoring). Save/Apply, then go to the Static Routes tab, click +, enter the remote VPN network in the "Destination Network" box, select the LAN IP gateway that was created before, and add a description if you want, then Save/Apply.
[...]
---------------------------------->8--------------------------------------

For further details see:
http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

HTH
Cheers
Jan
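
Added example, not part of the original message or of pfSense: a simplified Python model of why firewall-initiated traffic misses the tunnel and why "ping -S" or the bogus static route fixes it. All addresses, interface names and function names are constructed assumptions, and the source selection shown (address of the egress interface chosen by longest-prefix match) is a simplification of what the kernel does.

```python
import ipaddress as ip

# Constructed addressing (assumption, not taken from the thread)
WAN_IP = ip.ip_address("198.51.100.2")
LAN_IP = ip.ip_address("192.168.1.1")
LOCAL_NET = ip.ip_network("192.168.1.0/24")   # near-end tunnel range
REMOTE_NET = ip.ip_network("10.20.0.0/24")    # remote VPN network

# Interface -> address used as source for traffic leaving through it
IFACE_ADDR = {"wan": WAN_IP, "lan": LAN_IP}

# Routing table before the workaround: (destination network, interface)
DEFAULT_ROUTES = [(ip.ip_network("0.0.0.0/0"), "wan"), (LOCAL_NET, "lan")]
# The workaround: remote VPN network via the LAN IP, so bound to the LAN side
BOGUS_ROUTE = (REMOTE_NET, "lan")


def pick_source(dst, routes):
    """Longest-prefix match, then use the egress interface's address."""
    matches = [(net, ifc) for net, ifc in routes if dst in net]
    _, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return IFACE_ADDR[ifc]


def matches_tunnel_policy(src, dst):
    """The tunnel only selects packets going near-end range -> remote range."""
    return src in LOCAL_NET and dst in REMOTE_NET


def firewall_initiated(dst, routes, forced_src=None):
    """Return (source address used, True if the packet enters the tunnel).

    forced_src models an application-level bind such as "ping -S".
    """
    dst = ip.ip_address(dst)
    src = ip.ip_address(forced_src) if forced_src else pick_source(dst, routes)
    return str(src), matches_tunnel_policy(src, dst)


if __name__ == "__main__":
    target = "10.20.0.50"  # constructed host at the remote end
    print("no workaround :", firewall_initiated(target, DEFAULT_ROUTES))
    print("ping -S LAN IP:", firewall_initiated(target, DEFAULT_ROUTES, str(LAN_IP)))
    print("bogus route   :", firewall_initiated(target, DEFAULT_ROUTES + [BOGUS_ROUTE]))
```

With the route in place, clients that cannot bind a source address themselves still leave with the LAN IP; unrelated destinations keep using the WAN address.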