Date:      Wed, 05 Aug 2020 15:39:52 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 248474] NAT broken on IPsec/VTI [if_ipsec]
Message-ID:  <bug-248474-7501-f7bA9jUXjF@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-248474-7501@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474

--- Comment #16 from Eugene Grosbein <eugen@freebsd.org> ---
(In reply to Michael Muenz from comment #14)

Every transit packet coming from LAN to WAN first passes pfil hooks as an incoming
packet before the routing lookup for the destination, then the routing lookup is performed
to determine the outgoing interface, then the packet passes pfil hooks a second time as
outgoing traffic.

If one needs to perform NAT translation for outgoing traffic first and later
IPSEC processing, that must be done this way: configure translation at the first
pass, before the routing lookup, as opposed to the more traditional second pass.

-- 
You are receiving this mail because:
You are the assignee for the bug.
