IPIP with pfSense Firewalls
You simply need to edit the GUI php files so that you can select IPIP, AX25 etc from the GUI and then it all works.
I used this advice that I found in a mailing list a few years back.
How can i modify my firewall to allow packet forwarding of Protocol 4 and 93? This is for 44net (AMPR.ORG) traffic which is an encapsulated IPIP packet as well as RIPd broadcasts.
Mostly you'd just need to find and edit the protocol lists in the GUI and add the protocol's name from /etc/protocols.
usr/local/www/firewall_nat_edit.php:535: <?php $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP ICMP"); foreach ($protocols as $proto): ?> usr/local/www/firewall_nat_out_edit.php:488: <?php $protocols = explode(" ", "any TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP carp pfsync"); usr/local/www/firewall_rules_edit.php:861: $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP OSPF any carp pfsync");
So you'd add " ipencap ax.25" in those lists.
Can't say for sure that will work with those protocols, but that's the usual path to take.
Thanks for sharing that information.
It may be beneficial to make an overlay that can easily be sftp'd to the target pfsense device.
Or the pfsense project could be forked similar to how open wrt was forked for ham use as this has just as much flexibility as the hsmm-mesh software.
I have been a deployer and tester for years, great software. I have also created custom patched versions to support things like soundmodems, strange wifi cards, and weird 3g card drivers.
If there is anyone interested, please send me an email off list as I have been thinking of a ham version of pfsense for years.
SELCOMS Board Member
Louisiana AMPRNET Coordinator