Date: Thu, 31 Jul 2014 02:06:55 +0200
From: Sydney Meyer <syd.meyer@gmail.com>
To: freebsd-pf@freebsd.org
Subject: NAT IPSec Traffic with pf
Message-ID: <9B8D62A1-8377-4D27-8E1B-816E16C96E5F@gmail.com>

Got a reply in the forums from "junovitch":

"There is a bug in 10.0-RELEASE with how the kernel is tagging the mbuf allocated with IPSEC packets as it gets tagged to skip firewalling. Hence PF can't NAT what it can't see. Short answer is you need to upgrade to 10.0-STABLE or use an older version of FreeBSD.

Long answers:

http://www.freebsd.org/cgi/query-pr.cgi?pr=185876 - The PR with the technical details.

https://forums.freebsd.org/viewtopic.php?f=7&t=45691 - Same issue and the troubleshooting that helped find it."

Upgrading to 10 STABLE fixed the issue.

Cheers,
S.