Date: Fri, 26 Oct 2001 13:24:13 +0200 From: Barry Irwin <bvi@itouchlabs.com> To: Mike Harding <mvh@ix.netcom.com> Cc: vita@fio.cz, stable@freebsd.org Subject: Re: IPFW/IPSEC/NAT interaction issues with 4.4, Bug ??? Message-ID: <20011026132413.C36954@itouchlabs.com> In-Reply-To: <20011026021302.5EE59134D2@netcom1.netcom.com>; from mvh@ix.netcom.com on Thu, Oct 25, 2001 at 07:13:02PM -0700 References: <XFMail.20011025140636.vita@fio.cz> <20011026021302.5EE59134D2@netcom1.netcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu 2001-10-25 (19:13), Mike Harding wrote: > This is a feature - if you don't do this, you can't tell decapsulated > traffic from raw traffic. That was the old config. If you have a > router, you can filter on the inside interface. I suggested inserting > the traffic on a fake interface so you could do more interesting > things like NAT, better filtering, etc, but some KAME folk seemed to > get very upset about this, although I couldn't follow the reasoning... This is rather nasty :< sort of shoot a hole in my reasoning to use BSD as a VPN gateway,as this causes the tunneling to fail for all our required links, the issue is that it DID work on 4.2 ! Anyone got a patch to work around this ? Barry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011026132413.C36954>