pf and enc0
Vadym Chepkov
vchepkov at gmail.com
Tue Feb 2 09:47:27 UTC 2010
Hi,
I have stumbled on a problem and I am not sure if it's a bug or a feature.
Very simple block rules:
# pfctl -sr | grep block
block return in log on bge0 all
block return in quick on bge0 from <martians> to any
block return out quick on bge0 from any to <martians>
bge0 is my WAN interface; I have FreeBSD 6.4.
I enabled IPSEC in my kernel:
options FAST_IPSEC
options IPSEC_NAT_T
device enc
device crypto
device cryptodev
And all works fine until I do 'ifconfig enc0 up'.
After that, traffic coming through the IPsec tunnel is getting rejected, and I can see it's recorded in pflog0.
I am not sure why and how to prevent this from happening.
Thanks,
Vadym Chepkov