From owner-freebsd-net Thu May 17 13:44:38 2001
Delivered-To: freebsd-net@freebsd.org
Received: from lori.logixcom.net (lori.logixcom.net [209.49.5.9]) by hub.freebsd.org (Postfix) with ESMTP id 8B38D37B423 for ; Thu, 17 May 2001 13:44:35 -0700 (PDT) (envelope-from jcowan@addtronics.net)
Received: from JCOWAN (mail.addtronics.net [209.119.127.99]) by lori.logixcom.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id LA4PCJGV; Thu, 17 May 2001 15:47:02 -0500
From: "Jason Cowan"
To:
Subject: ipsec & ipfilter
Date: Thu, 17 May 2001 15:44:34 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID:
X-Loop: FreeBSD.org

I have an ipsec tunnel working on FreeBSD 4.3 using private addresses for both internal sides of the tunnel (192.168.1.0 & 192.168.2.0). When I enable ipfilter blocking 192.168.1.0 on the external interface, the tunnel no longer works. Here's what's happening:

1. I'm passing esp proto and udp port 500 on the external interface, so the packets get through.

2. Next, the packet gets blocked on the external interface with a destination address of 192.168.1.120.

Why doesn't it switch the interface after it's decrypted? When I turn off ipfilter and am using tcpdump, it never shows the decrypted packet on the external interface with the destination address of 192.168.1.120.

If I remove the one line in ipfilter that blocks 192.168.0.0/16 then it begins working again.

Any suggestions?
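An added example of the ruleset behaviour described above; it is not from the poster or from the FreeBSD project. The interface name fxp0 and the outer tunnel endpoints 203.0.113.1 (local) and 203.0.113.2 (remote) are constructed for illustration. What the poster observes is consistent with how KAME IPsec on FreeBSD 4.x handles an inbound tunnel: the decrypted inner packet is handed back to ip_input and therefore runs through ipfilter a second time, still attributed to the interface the ESP packet arrived on, since 4.3 has no separate pseudo-interface for decrypted traffic. tcpdump taps at the link layer via BPF, which is why it never shows that second, decrypted pass. The first ruleset below is the shape that breaks the tunnel; the second passes the tunnel's own inner subnet pair ahead of the anti-spoof block.

```conf
# ---- /etc/ipf.rules: ruleset that breaks the tunnel (constructed) ----
# ESP and IKE from the peer get through, but the decrypted inner packet
# (192.168.2.x -> 192.168.1.x) is re-filtered on fxp0 and hits the block.
pass  in quick on fxp0 proto esp from 203.0.113.2 to 203.0.113.1
pass  in quick on fxp0 proto udp from 203.0.113.2 port = 500 to 203.0.113.1 port = 500
block in log quick on fxp0 from 192.168.0.0/16 to any

# ---- /etc/ipf.rules: corrected ruleset (constructed) ----
pass  in quick on fxp0 proto esp from 203.0.113.2 to 203.0.113.1
pass  in quick on fxp0 proto udp from 203.0.113.2 port = 500 to 203.0.113.1 port = 500
# The decrypted inner packet is seen again on fxp0 with its private addresses.
# Pass only the tunnel's own subnet pair, before the general anti-spoof block.
pass  in quick on fxp0 from 192.168.2.0/24 to 192.168.1.0/24
block in log quick on fxp0 from 192.168.0.0/16 to any

# ---- setkey SPD entries (constructed), loaded with: setkey -f <file> ----
# ipfilter cannot tell a decrypted packet from a cleartext packet that
# someone spoofed onto the external wire with the same private addresses.
# The "require" level on the inbound policy makes the kernel reject a
# packet matching this selector that did not arrive inside IPsec, which
# closes the gap that the pass rule above opens.
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in  ipsec esp/tunnel/203.0.113.2-203.0.113.1/require;
spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/203.0.113.1-203.0.113.2/require;
```

The pass rule is deliberately narrow: it admits only the remote tunnel subnet as source and the local tunnel subnet as destination, so the rest of 192.168.0.0/16 stays blocked on the external interface. Whether "require" policy rejection also covers forwarded (as opposed to locally delivered) packets on a given 4.x build is worth verifying on the box itself, for example by injecting a cleartext packet with those addresses from the outside and confirming it is dropped.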