Date: Thu, 17 May 2001 15:44:34 -0500
From: "Jason Cowan" <jcowan@addtronics.net>
To: <freebsd-net@freebsd.org>
Subject: ipsec & ipfilter
Message-ID: <PJEJIBJHELEPCDJPPPJLCEKCCBAA.jcowan@addtronics.net>

I have an ipsec tunnel working on FreeBSD 4.3 using private addresses for both internal sides of the tunnel (192.168.1.0 & 192.168.2.0). When I enable ipfilter blocking 192.168.1.0 on the external interface, the tunnel no longer works. Here's what's happening:

1. I'm passing esp proto and udp port 500 on the external interface so the packets get through.
2. Next, the packet gets blocked on the external interface with a destination address of 192.168.1.120.

Why doesn't it switch the interface after it's decrypted? When I turn off ipfilter and am using tcpdump, it never shows the decrypted packet on the external interface with the destination address of 192.168.1.120.

If I remove the one line in ipfilter that blocks 192.168.0.0/16 then it begins working again. Any suggestions?