Date: Fri, 6 Jun 2003 18:42:15 +0300 (EEST)
From: Mike Futerko
To: freebsd-questions@freebsd.org
Message-ID: <20030606182845.R24492-100000@ah.litech.net>
Subject: IPSec + gre

Hi,

Is this a bug or a feature that a gre tunnel doesn't work under IPSec?

I use gif tunnels for the following circuit - they work just fine, except
that I can't filter (ipfw) incoming packets that come from gif. So I tried
gre without IPSec and it works OK - I can filter incoming and outgoing
packets in ipfw. But when I try to establish IPSec between the tunnel
routers, gre stops working. Note that IPSec works, as I can ping the tunnel
routers from each other.

LAN1 - TunnelRouter1 (IPSec) -- Internet -- TunnelRouter2 (IPSec) -- LAN2
            |                                     |
            +------------ gif or gre tunnel ------+

Now I am going to try 'options IPSEC_FILTERGIF' in the kernel config file.

Maybe I am doing something wrong with the configuration?

Thanks,
Mike.