6.2-STABLE: enc0 sees only outgoing packets in pf
volker at vwsoft.com
Mon Mar 26 00:58:39 UTC 2007
Andrew, Andre & all,
I've checked it out once more (with a corrected setup) and now have
been able to block traffic on enc0 in both directions (no matter if
the tunnel endpoint is final destination or not).
Sorry for my first false posting.
In this test case both machines (tunnel endpoints) are:
FreeBSD ... 6.2-RELEASE-p1 FreeBSD 6.2-RELEASE-p1 #0: Sun Feb 11
22:35:18 CET 2007 root at ...:/usr/obj/usr/src/sys/GwMbg i386
One machine is using racoon (ipsec-tools), the other is using racoon2.
enc0: flags=41<UP,RUNNING> mtu 1536
relevant kernconf parts:
If you still have trouble getting IPSec + enc0 + pf to work, please
post me a private message. I know it's hard to find someone who has
a working IPSec setup and is willing to help.
At least my test setup shows it is possible not just to block
traffic on device enc0 using pf, but also to see all traffic in the pf
logs (if configured to do so).
Probably you're willing to show us your pf rules to have a look at it?
Have pfun! ;)