Date: Thu, 3 Nov 2011 16:52:58 +0100
From: Kurt Jaeger
To: freebsd-stable@freebsd.org
Message-ID: <20111103155258.GA68080@home.opsec.eu>
Subject: fbsd 8.2, L2TP over IPsec and pf ?

Hello,

I'm building a setup for incoming L2TP over IPsec connections using FreeBSD 8.2-REL. IPsec based on ports/security/ipsec-tools, the l2tp part works from net/mpd5/.

If I disable the PF rules, everything works. If I enable the PF rules, the IPsec connection still comes up, but the L2TP requests are lost somewhere in the PF rules 8-(

Interestingly, tcpdump enc0 does not see any encrypted packets (!) as long as the PF rules are active.

Any hints on the PF rules required to allow those packets in?

Thanks!

--
pi@opsec.eu +49 171 3101372 9 years to go !