Date: Tue, 3 Jan 2012 20:30:21 -0800
From: Edward Carrel <azanar@carrel.org>
To: Damien Fleuriot <ml@my.gd>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>, Da Rock <freebsd-questions@herveybayaustralia.com.au>
Subject: Re: pf not seeing inbound packets on netgraph interface
Message-ID: <7999DEBF-0F29-4F94-8A69-942176004C4E@carrel.org>
In-Reply-To: <20492D60-81BE-43A1-BCE1-594F5715ABF6@my.gd>
References: <CAC6u2XeLijriLrYgiUf32BMLzYF-uza18c_e9Rk9jXmxe0fW2w@mail.gmail.com> <4F02AC09.6080005@herveybayaustralia.com.au> <20492D60-81BE-43A1-BCE1-594F5715ABF6@my.gd>

On Jan 3, 2012, at 12:12 AM, Damien Fleuriot wrote:

> Thinking -pf@ or -net@ would be a better place to discuss this, more chances of getting an answer.

I was wondering about that. I'll send my question to -net@ to start. Thanks.

> Out of curiosity why not use a gif interface ?
> I had that working just fine with racoon and was able to actually firewall traffic on it with PF, iirc.

From what I understand of gif interfaces, they are useful when IPSec is handling the tunnel pretty much end-to-end, and just needs a passthrough interface to direct traffic to and from. If I am wrong about this, please let me know.

The reason why I'm using netgraph instead is because the LNS is not run by me, and there is no other way of connecting to the other end but via L2TP/IPSec.

If there is a way to use L2TP, and leverage a gif interface to complete the loop on my end, I'd be interested to hear about it.

Thanks,
Ed Carrel