From owner-freebsd-net@freebsd.org  Mon May 30 07:21:25 2016
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7D76BB54662
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon, 30 May 2016 07:21:25 +0000 (UTC)
 (envelope-from patfbsd@davenulle.org)
Received: from sender163-mail.zoho.com (sender163-mail.zoho.com
 [74.201.84.163])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4D01B1D68
 for <freebsd-net@freebsd.org>; Mon, 30 May 2016 07:21:24 +0000 (UTC)
 (envelope-from patfbsd@davenulle.org)
Received: from mr185083 (mr185083.univ-rennes1.fr [129.20.185.83]) by
 mx.zohomail.com with SMTPS id 1464592883729124.29369894680474;
 Mon, 30 May 2016 00:21:23 -0700 (PDT)
Date: Mon, 30 May 2016 09:21:19 +0200
From: Patrick Lamaiziere <patfbsd@davenulle.org>
To: freebsd-net@freebsd.org
Subject: net.inet.ip.fastforwarding and ipsec ?
Message-ID: <20160530092119.50b799bf@mr185083>
X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.29; amd64-portbld-freebsd10.3)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 May 2016 07:21:25 -0000

Hello,

Documentation states that setting net.inet.ip.fastforwarding on a
router breaks ipsec. But it's not clear to me "where" ipsec is broken.

Is it ipsec broken to (or from) the router, but ipsec between differents
hosts will work as expected. 

Or is it broken for all the ipsec traffic passing through the
router ?

Thanks regards,