Date: Tue, 23 Oct 2001 19:41:23 +0900
From: Shoichi Sakane <sakane@kame.net>
To: snap-users@kame.net, ipfw@freebsd.org
Subject: Re: (KAME-snap 5576) IPFW/IPSEC/NAT interaction issues with 4.4
Message-ID: <20011023194123V.sakane@kame.net>
In-Reply-To: Your message of "Tue, 23 Oct 2001 10:45:22 +0200" <20011023104522.E87507@itouchlabs.com>
References: <20011023104522.E87507@itouchlabs.com>

> I'm hoping someone here can shed some light on a problem I came across this
> morning. I have two VPN gateways connected to Cisco VPN concentrators.
> These are running FreeBSD 4.2-RELEASE and 4.4-RELEASE. The 4.2 based
> gateway has been functioning without hassles for a while now. However, when
> I configured the 4.4 based system this morning, I ran into the problem that
> the IP packets seem to not be being re-injected into the firewall ruleset
> after the ESP decapsulation. The firewall rulesets are identical between
> the systems. This re-injection is necessary for me to be able to then
> place the packet into a divert socket feeding natd, and from there onto the
> client machines behind the VPN gateway.

What was the difference in the output of "netstat" before an encrypted packet
arrived at the FreeBSD VPN box, and after the packet went away somewhere?
I have a report that "unknown/unsupported protocol" in the ipsec section
of "netstat" is counted.