Date: Mon, 13 Mar 2006 14:18:05 +0100
From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
To: freebsd-net@freebsd.org
Subject: Re: IPSec and packet filtering in FreeBSD 6.0
Message-ID: <20060313131804.GA23258@zen.inc>
In-Reply-To: <44156D6C.7050605@servicefactory.se>
References: <44156D6C.7050605@servicefactory.se>

On Mon, Mar 13, 2006 at 02:02:36PM +0100, Jonas Bülow wrote:
> Hi,

Hi.

[....]
> Running tcpdump on the physical interface towards A, I see the
> encapsulated traffic. Using ipfilter's log option I can see the
> encapsulated traffic and the decapsulated *incoming* traffic. Outgoing
> traffic, to be encapsulated by IPSec/tunnel, is not seen. As a
> consequence it is only possible to filter decapsulated incoming
> traffic.

I have a patch to add some kind of OpenBSD's enc0 interface to filter
incoming IPSec traffic, and to be able to do some tcpdumps for both
incoming/outgoing IPSec traffic.

I still have to do some minor cleanups on it before sending the PR, it
should be done during this week.

[....]
> I've read somewhere on this list IPSec should be on the pfil
> interface. Is someone working in that direction? Is there any other
> plan on changing the integration of IPSec in FreeBSD?

Where did you read this?

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com