https://redmine.pfsense.org/ https://redmine.pfsense.org/favicon.ico?1678052116 2014-07-22T05:55:57Z pfSense bugtracker
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=14345 2014-07-22T05:55:57Z Jim Thompson jim@netgate.com
<ul><li><strong>Assignee</strong> set to <i>Renato Botelho</i></li></ul>
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=14769 2014-09-09T16:45:32Z Ermal Luçi eri@pfsense.org
<ul></ul><p>Now these should be called specific policies.</p>
<p>Since phase2 is totally managed by the ipsec daemon, there can be what are called shunt policies.<br />I am not sure where to put these on the GUI at this moment though!</p>
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=15272 2014-10-20T19:56:41Z Chris Buechler cbuechler@gmail.com
<ul><li><strong>Target version</strong> deleted (<del><i>2.2</i></del>)</li></ul><p>not important for 2.2</p>
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=33336 2017-07-28T14:16:09Z Markus Stockhausen
<ul></ul><p>This feature will be really helpful. Let's assume an office firewall connected to an HQ firewall. It serves multiple small subnets via different interfaces. Let's assume these are 10.11.12.0/24 (LAN) and 10.20.30.0/24 (OPT1). To build a working routing one would need tens of SAs and build them around the subnets.</p>
<p>A simple implementation could be a single checkbox for each SA. If it is set, the local SA part will create a shunt entry in ipsec.conf.</p>
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=33337 2017-07-28T14:20:57Z Markus Stockhausen
<ul><li><strong>File</strong> <a href="/attachments/2111">shunt.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/2111/shunt.png">shunt.png</a> added</li></ul><p>Example implementation</p>
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=37589 2018-08-08T06:38:29Z NCATS LAB
<ul></ul><p>Strongly Request feature.</p>
<p>We just lost a lot of time because this isn't implemented on SG-4860s.</p>
<p>On our REMOTE SG-4860, we had set up bridging for OPT1-OPT4 and couldn't figure out why everything worked to the GATEWAY except testing the DEF GW with PING.</p>
<p>System should be flexible enough to allow IPSEC tunnels on any interface without some background rule that only makes exceptions on LAN.</p>
<p>Thank you</p>
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=45041 2020-03-12T07:02:47Z Viktor Gurov
<ul></ul><p><a class="external" href="https://github.com/pfsense/pfsense/pull/4230">https://github.com/pfsense/pfsense/pull/4230</a></p>
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=45047 2020-03-12T09:58:42Z Jim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Pull Request Review</i></li></ul>
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=47570 2020-08-27T08:41:36Z Renato Botelho renato@netgate.com
<ul><li><strong>Status</strong> changed from <i>Pull Request Review</i> to <i>Feedback</i></li><li><strong>Target version</strong> set to <i>2.5.0</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>PR has been merged. Thanks!</p>
pfSense - Feature #3329: Allow creating "not" rules for IPsec Phase 2 https://redmine.pfsense.org/issues/3329?journal_id=48454 2020-10-06T12:16:02Z Anonymous
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul>