pf not seeing inbound packets on netgraph interface

Edward Carrel azanar at carrel.org
Wed Jan 4 04:31:58 UTC 2012


On Jan 3, 2012, at 12:12 AM, Damien Fleuriot wrote:

> Thinking -pf@ or -net@ would be a better place to discuss this, more chances of getting an answer.

I was wondering about that. I'll send my question to -net@ to start. Thanks.

> Out of curiosity why not use a gif interface ?
> I had that working just fine with racoon and was able to actually firewall traffic on it with PF, iirc.

From what I understand of gif interfaces, they are useful when IPSec is handling the tunnel pretty much end-to-end, and just needs a passthrough interface to direct traffic to and from. If I am wrong about this, please let me know.

The reason why I'm using netgraph instead is because the LNS is not run by me, and there is no other way of connecting to the other end but via L2TP/IPSec. 

If there is a way to use L2TP, and leverage a gif interface to complete the loop on my end, I'd be interested to hear about it.

Thanks,

Ed Carrel
