From owner-freebsd-questions@FreeBSD.ORG  Wed Jan  4 04:31:58 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 46CA3106566B
	for <freebsd-questions@freebsd.org>;
	Wed,  4 Jan 2012 04:31:58 +0000 (UTC)
	(envelope-from azanar@carrel.org)
Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com
	[209.85.210.182])
	by mx1.freebsd.org (Postfix) with ESMTP id E9A728FC0A
	for <freebsd-questions@freebsd.org>;
	Wed,  4 Jan 2012 04:31:57 +0000 (UTC)
Received: by iadj38 with SMTP id j38so40138351iad.13
	for <freebsd-questions@freebsd.org>;
	Tue, 03 Jan 2012 20:31:57 -0800 (PST)
Received: by 10.50.222.233 with SMTP id qp9mr65885060igc.1.1325651517204;
	Tue, 03 Jan 2012 20:31:57 -0800 (PST)
Received: from rowlf.sea.carrel.org (dsl231-050-036.sea1.dsl.speakeasy.net.
	[216.231.50.36])
	by mx.google.com with ESMTPS id py9sm93209599igc.2.2012.01.03.20.31.54
	(version=TLSv1/SSLv3 cipher=OTHER);
	Tue, 03 Jan 2012 20:31:55 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=us-ascii
From: Edward Carrel <azanar@carrel.org>
In-Reply-To: <20492D60-81BE-43A1-BCE1-594F5715ABF6@my.gd>
Date: Tue, 3 Jan 2012 20:30:21 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <7999DEBF-0F29-4F94-8A69-942176004C4E@carrel.org>
References: <CAC6u2XeLijriLrYgiUf32BMLzYF-uza18c_e9Rk9jXmxe0fW2w@mail.gmail.com>
	<4F02AC09.6080005@herveybayaustralia.com.au>
	<20492D60-81BE-43A1-BCE1-594F5715ABF6@my.gd>
To: Damien Fleuriot <ml@my.gd>
X-Mailer: Apple Mail (2.1251.1)
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>,
	Da Rock <freebsd-questions@herveybayaustralia.com.au>
Subject: Re: pf not seeing inbound packets on netgraph interface
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2012 04:31:58 -0000

On Jan 3, 2012, at 12:12 AM, Damien Fleuriot wrote:

> Thinking -pf@ or -net@ would be a better place to discuss this, more =
chances of getting an answer.

I was wondering about that. I'll send my question to -net@ to start. =
Thanks.

> Out of curiosity why not use a gif interface ?
> I had that working just fine with racoon and was able to actually =
firewall traffic on it with PF, iirc.

=46rom what I understand of gif interfaces, they are useful when IPSec =
is handling the tunnel pretty much end-to-end, and just needs a =
passthrough interface to direct traffic to and from. If I am wrong about =
this, please let me know.

The reason why I'm using netgraph instead is because the LNS is not run =
by me, and there is no other way of connecting to the other end but via =
L2TP/IPSec.=20

If there is a way to use L2TP, and leverage a gif interface to complete =
the loop on my end, I'd be interested to hear about it.

Thanks,

Ed Carrel=