net.inet.ip.fastforwarding and ipsec ?

Eugene Grosbein eugen at grosbein.net
Mon May 30 07:38:24 UTC 2016


30.05.2016 14:21, Patrick Lamaiziere wrote:
> Hello,
>
> Documentation states that setting net.inet.ip.fastforwarding on a
> router breaks ipsec. But it's not clear to me "where" ipsec is broken.
>
> Is it ipsec broken to (or from) the router, but ipsec between different
> hosts will work as expected.
>
> Or is it broken for all the ipsec traffic passing through the
> router ?
>
> Thanks regards,

Fastforwarded traffic is passed without any IPSEC processing,
so it gets no encryption/decryption.

Afaik, sysctl net.inet.ip.fastforwarding was removed from recent FreeBSD code
recently and traffic that can be fastforwarded is fastforwarded automagically
and traffic that cannot (f.e. IPSEC traffic) goes through full processing.
So, the problem you mention should be eliminated.



