Date:      Thu, 31 Jul 2014 02:06:55 +0200
From:      Sydney Meyer <syd.meyer@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   NAT IPSec Traffic with pf
Message-ID:  <9B8D62A1-8377-4D27-8E1B-816E16C96E5F@gmail.com>

Got a reply in the forums from "junovitch":

"There is a bug in 10.0-RELEASE with how the kernel is tagging the mbuf allocated with IPSEC packets as it gets tagged to skip firewalling. Hence PF can't NAT what it can't see. Short answer is you need to upgrade to 10.0-STABLE or use an older version of FreeBSD.

Long answers:
http://www.freebsd.org/cgi/query-pr.cgi?pr=185876 - The PR with the technical details.
https://forums.freebsd.org/viewtopic.php?f=7&t=45691 - Same issue and the troubleshooting that helped find it."

Upgrading to 10 STABLE fixed the issue.

Cheers,
S.

