Date: Wed, 16 Apr 2008 17:04:30 -0400
From: "Vadym Chepkov" <vchepkov@gmail.com>
To: <freebsd-pf@freebsd.org>
Subject: PF and NAT-T
Message-ID: <005601c8a005$776e5820$0610a8c0@chepkov.lan>

Hello,

I am using FreeBSD 6.3-RELEASE-p1 with NAT-T patch applied
(freebsd6-natt.diff, http://ipsec-tools.cvs.sourceforge.net/ipsec-tools/htdocs/).

PF works as expected with "regular" IPSEC. But if I try to use NAT-T,
packets get lost; I don't see them on the internal interface.

I created this pf.conf for testing:

    set loginterface enc0
    set debug loud

This is what I see in status:

    Interface Stats for enc0              IPv4             IPv6
      Bytes In                             120                0
      Bytes Out                              0                0
      Packets In
        Passed                               0                0
        Blocked                              2                0

Nothing useful in the log file.

When I add 'set skip on enc', everything starts to work fine.

How can I determine why those packets got blocked?

Thank you,
Vadym Chepkov