Date: Fri, 4 Nov 2011 14:18:56 +0100 From: Kurt Jaeger <lists@c0mplx.org> To: freebsd-stable@freebsd.org Subject: Re: fbsd 8.2, L2TP over IPsec and pf ? Message-ID: <20111104131856.GD68080@home.opsec.eu> In-Reply-To: <20111103155258.GA68080@home.opsec.eu> References: <20111103155258.GA68080@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > I'm building a setup for incoming L2TP over IPsec connections > using FreeBSD 8.2-REL. > > IPsec based on ports/security/ipsec-tools, the l2tp part > works from net/mpd5/. > > If I disable the PF rules, everything works. > > If I enable the PF rules, the IPsec connection still comes up, > but the L2TP requests are lost somewhere in the PF rules 8-( > > Interestingly, tcpdump enc0 does not see any encrypted packets (!) > as long as the PF rules are active. > > Any hints on the PF rules required to allow those packets in ? Turns out: ESP in/out was missing. set debug misc in the pf.conf is worth a lot 8-) Thanks for all help (by private mail). I'll try to document this setup on some webpage (but this will take 1-2 month due to other projects 8-( -- pi@opsec.eu +49 171 3101372 9 years to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111104131856.GD68080>