fbsd 8.2, L2TP over IPsec and pf ?

Bjoern A. Zeeb bz at FreeBSD.org
Fri Nov 4 04:22:06 UTC 2011


On Thu, 3 Nov 2011, Kurt Jaeger wrote:

> Hello,
>
> I'm building a setup for incoming L2TP over IPsec connections
> using FreeBSD 8.2-REL.

I assume you are explicitly using tunnel mode?


> IPsec based on ports/security/ipsec-tools, the l2tp part
> works from net/mpd5/.
>
> If I disable the PF rules, everything works.
>
> If I enable the PF rules, the IPsec connection still comes up,
> but the L2TP requests are lost somewhere in the PF rules 8-(
>
> Interestingly, tcpdump enc0 does not see any encrypted packets (!)
> as long as the PF rules are active.

tried playing with the sysctls of enc(4)?
net.enc.in.ipsec_bpf_mask=0x00000003
net.enc.in.ipsec_filter_mask=0x00000003


> Any hints on the PF rules required to allow those packets in ?

need more details (if you want also off-list).

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.


More information about the freebsd-stable mailing list