Topic: ACL for IPSEC tunnels
« on: May 09, 2007, 13:02:39 »
JohnJFowler *
Posts: 18

It would be nice to have the ability to create an Access List, Network Alias or similar feature for IPSEC Tunnels to define more than one remote IP and/or Subnet without the need to create multiple IPSEC tunnel configurations for each differing IP and/or Subnet.

An example would be if supporting a customer network via VPN where their remote network addresses are within 192.168.1.0/24, 172.31.2.0/28 and a single IP address 192.168.4.37, but to create a larger remote subnet to cater for the various addresses would not be suitable.

At present (if understood correctly), there would need to be 3 IPSEC configurations, pointing to the same remote gateway, to do the above. If there are multiple customers with multiple subnets, it can get confusing as to which tunnel is running or not and to configure, especially if preshared keys or certificates are changed on a regular basis.
« Reply #1 on: May 10, 2007, 02:01:26 »
cmb *****
Posts: 851

You're correct as to the current functionality. The underlying software supports the use of one tunnel; it's just a matter of somebody writing the supporting m0n0wall code.
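
The sizing argument from the first post, worked through as an added example (not part of the original thread and not m0n0wall code): it computes the smallest single network that would cover the remote selectors named in the post and counts how many addresses that network would admit beyond the ones actually needed. The function names `covering_supernet` and `overreach` are hypothetical.

```python
import ipaddress

# Remote selectors taken from the first post in this thread.
REMOTE = ["192.168.1.0/24", "172.31.2.0/28", "192.168.4.37"]


def covering_supernet(networks):
    """Return the smallest single network that contains every given network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    candidate = nets[0]
    # Widen by one prefix bit at a time until every selector fits inside.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def overreach(networks):
    """Return (cover, needed, excess) for replacing the selectors with one subnet.

    needed = addresses the selectors really describe
    excess = extra addresses the single covering subnet would also allow
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    # collapse_addresses merges overlapping or adjacent entries so that
    # no address is counted twice.
    needed = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    cover = covering_supernet(networks)
    return cover, needed, cover.num_addresses - needed


if __name__ == "__main__":
    cases = (
        ("all three selectors", REMOTE),
        ("192.168.x selectors only", [REMOTE[0], REMOTE[2]]),
    )
    for label, selectors in cases:
        cover, needed, excess = overreach(selectors)
        print(f"{label}: cover={cover} needed={needed} excess={excess}")
```
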