From: "Andrey V. Elsukov"
Date: Fri, 07 Feb 2014 15:31:39 +0400
To: Nicolas DEFFAYET, freebsd-net@freebsd.org
Subject: Re: IPsec filtertunnel broken on FreeBSD 10
Message-ID: <52F4C41B.3030101@yandex.ru>
In-Reply-To: <1391725273.22934.16.camel@fr-wks3.corp.novso.com>

On 07.02.2014 02:21, Nicolas DEFFAYET wrote:
> Hello,
>
> The IPsec filtertunnel is broken on FreeBSD 10: incoming packets
> decapsulated are not going to firewall and to the pseudo interface enc.
>
> This issue affects 10.0-RELEASE and 10.0-STABLE.
> 9.1-RELEASE and 9.2-RELEASE are not affected.
>
> Of course the sysctl shows that filtertunnel is enabled:
> net.inet.ipsec.filtertunnel=1
> net.inet6.ipsec.filtertunnel=1

Can you show what values you have in the sysctl net.enc?

--
WBR, Andrey V. Elsukov