pf rdr statement & ipsec processing interaction
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Tue Aug 14 10:20:07 UTC 2007
On Tue, 14 Aug 2007, Eric Masson wrote:
> "Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> writes:
>
> Hello Bjoern & all,
>
>> this is expected behavior. You want to read about the
>> IPSEC_FILTERTUNNEL (fka. IPSEC_FILTERGIF) kernel option and
>> enc(4).
>
> I've compiled a new kernel with IPSEC_FILTERGIF, tcpdump now can see
> unencrypted L2TP packets on external interfaces but rdr rule doesn't
> have any effect.
>
> Just to be sure, I added "device enc" to the kernel configuration and
> changed the rdr rule to:
> rdr on enc0 proto udp from any to ($ext_if) port 1701 -> 10.127.0.1 port 1701
>
> But no success atm. Any idea?

ifconfig enc0 | grep UP

if not, ifconfig enc0 up

--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Software is harder than hardware so better get it right the first time.