Date: Sat, 05 Jan 2002 00:59:58 +0100
From: "Rogier R. Mulhuijzen" <drwilco@drwilco.net>
To: "Cambria, Mike" <mcambria@avaya.com>
Cc: freebsd-net@freebsd.org
Subject: Re: TCP connection via IPsec machine also running natd
Message-ID: <5.1.0.14.0.20020105005712.01cdcc50@mail.drwilco.net>
In-Reply-To: <3A6D367EA1EFD4118C9B00A0C9DD99D7065399@rerun.lucentctc.com>

>As I said earlier, packets which route through ipfw/natd get unencrypted and
>make it to the remote subnet just fine.
>
>Looking at 'ipfw -a l' it seems that the ESP packets are being received
>_after_ being diverted to natd, but just
>not sent to the socket:

I'm no IPsec expert (still something I need to look into) but something that springs to mind is to allow the packet before the natd divert.

I couldn't say why this would work (since natd shouldn't touch the packet, and you say other packets go through fine), but it's just a hunch =)

DocWilco