Date:      Fri, 4 Nov 2011 04:02:47 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        Kurt Jaeger <pi@opsec.eu>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: fbsd 8.2, L2TP over IPsec and pf ?
Message-ID:  <alpine.BSF.2.00.1111040400321.68690@ai.fobar.qr>
In-Reply-To: <20111103155258.GA68080@home.opsec.eu>
References:  <20111103155258.GA68080@home.opsec.eu>

On Thu, 3 Nov 2011, Kurt Jaeger wrote:

> Hello,
>
> I'm building a setup for incoming L2TP over IPsec connections
> using FreeBSD 8.2-REL.

I assume you are explicitly using tunnel mode?


> IPsec based on ports/security/ipsec-tools, the l2tp part
> works from net/mpd5/.
>
> If I disable the PF rules, everything works.
>
> If I enable the PF rules, the IPsec connection still comes up,
> but the L2TP requests are lost somewhere in the PF rules 8-(
>
> Interestingly, tcpdump enc0 does not see any encrypted packets (!)
> as long as the PF rules are active.

Tried playing with the sysctls of enc(4)?
net.enc.in.ipsec_bpf_mask=0x00000003
net.enc.in.ipsec_filter_mask=0x00000003


> Any hints on the PF rules required to allow those packets in?

Need more details (if you want also off-list).

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.
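The enc(4) sysctls named in the reply decide whether pf and bpf see the decapsulated L2TP packet on enc0 at all. As an added example, not written by either participant in this thread, here is how those sysctls and a matching default-deny pf ruleset for an L2TP-over-IPsec responder fit together; the external interface name em0 is a placeholder.

```conf
# /etc/sysctl.conf (added example, not from the thread)
# Bit 0x1 = hand the packet over before IPsec processing (still ESP),
# bit 0x2 = after IPsec processing (the inner, decrypted packet).
# 0x3 sets both, so tcpdump -i enc0 and the packet filter see the
# outer ESP packet as well as the decapsulated L2TP/UDP packet.
net.enc.in.ipsec_bpf_mask=0x00000003
net.enc.in.ipsec_filter_mask=0x00000003
net.enc.out.ipsec_bpf_mask=0x00000003
net.enc.out.ipsec_filter_mask=0x00000003

# /etc/pf.conf fragment (added example; em0 is a placeholder)
ext_if = "em0"

block all

# The IPsec SA itself: IKE (500), NAT-T (4500) and ESP on the real NIC.
pass in  quick on $ext_if proto udp from any to ($ext_if) port { 500, 4500 }
pass in  quick on $ext_if proto esp from any to ($ext_if)
pass out quick on $ext_if proto { esp, udp }

# With the 0x2 bit set, the decrypted packet is filtered on enc0 as well;
# L2TP runs on UDP 1701, which a "block all" ruleset would otherwise drop.
pass in  quick on enc0 proto udp from any to ($ext_if) port 1701
pass out quick on enc0

# After decapsulation the inner packet is re-injected into the IP stack and
# is matched again against the rules of the interface it arrived on, so the
# L2TP port has to be allowed there too, not only on enc0.
pass in  quick on $ext_if proto udp from any to ($ext_if) port 1701
```

Running `tcpdump -i enc0` while the masks are at 0x3 shows both the ESP and the inner UDP 1701 packets, which makes it possible to tell whether pf is dropping the tunnel on the real interface or on enc0.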