fbsd 8.2, L2TP over IPsec and pf ?
Bjoern A. Zeeb
bz at FreeBSD.org
Fri Nov 4 04:22:06 UTC 2011
On Thu, 3 Nov 2011, Kurt Jaeger wrote:
> Hello,
>
> I'm building a setup for incoming L2TP over IPsec connections
> using FreeBSD 8.2-REL.
I assume you are explicitly using tunnel mode?
> IPsec based on ports/security/ipsec-tools, the l2tp part
> works from net/mpd5/.
>
> If I disable the PF rules, everything works.
>
> If I enable the PF rules, the IPsec connection still comes up,
> but the L2TP requests are lost somewhere in the PF rules 8-(
>
> Interestingly, tcpdump enc0 does not see any encrypted packets (!)
> as long as the PF rules are active.
Tried playing with the sysctls of enc(4)?
net.enc.in.ipsec_bpf_mask=0x00000003
net.enc.in.ipsec_filter_mask=0x00000003
> Any hints on the PF rules required to allow those packets in ?
Need more details (if you want, also off-list).
--
Bjoern A. Zeeb You have to have visions!
Stop bit received. Insert coin for new address family.
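To make the enc(4) hint concrete, here is a minimal pf.conf for a FreeBSD 8.x host terminating L2TP/IPsec with racoon (ipsec-tools) and mpd5. This is an added example and not configuration posted by either participant; the interface name em0 and the address 192.0.2.1 are assumptions. The point it illustrates: the encrypted ESP/IKE traffic is filtered on the external interface, but the decrypted L2TP packets (UDP/1701) are presented to pf a second time on enc0, and only if the net.enc.in.ipsec_filter_mask sysctl includes the "after IPsec processing" bit (0x2). Without a matching pass rule on enc0, a default block rule silently eats the L2TP requests even though the IPsec SA itself comes up.

```pf
# Added example (not from the original thread): pf.conf for an
# L2TP-over-IPsec responder. em0 and 192.0.2.1 are assumed values.
ext_if = "em0"
ext_ip = "192.0.2.1"

# Options must precede filter rules. Loopback is never filtered.
set skip on lo0

# Default deny; "log" lets pflog0 show what is being dropped.
block log all

# Outer (still encrypted) traffic on the external interface:
# IKE on UDP/500, NAT-T (UDP-encapsulated ESP) on UDP/4500, and ESP.
pass in  quick on $ext_if proto udp from any to $ext_ip port { 500, 4500 } keep state
pass out quick on $ext_if proto udp from $ext_ip to any port { 500, 4500 } keep state
pass in  quick on $ext_if proto esp from any to $ext_ip
pass out quick on $ext_if proto esp from $ext_ip to any

# Inner (decrypted) traffic on enc0. The L2TP control and data channel
# runs over UDP/1701; it only shows up here when
# net.enc.in.ipsec_filter_mask / net.enc.out.ipsec_filter_mask include 0x2.
pass in  quick on enc0 proto udp from any to $ext_ip port 1701 keep state
pass out quick on enc0 proto udp from $ext_ip to any port 1701 keep state

# Traffic inside the established tunnels arrives on mpd5's ng* interfaces
# and needs its own rules (not shown here).
```

To see the decrypted packets at all, both the BPF mask (what tcpdump -ni enc0 gets) and the filter mask (what pf gets) need the 0x2 bit; setting both to 0x3 as suggested above covers the before- and after-processing cases. Check the current values with `sysctl net.enc`, and use `pfctl -vvsr` to compare per-rule match counters with the rules on enc0. As a quick isolation test, `set skip on enc0` removes pf from the decrypted path entirely: if L2TP then works, the missing rule is on enc0, not on the external interface.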