Date: Wed, 4 Jan 2012 08:30:16 -0800
From: Michael Sierchio
To: Edward Carrel
Cc: Damien Fleuriot, "freebsd-questions@freebsd.org", Da Rock
Subject: Re: pf not seeing inbound packets on netgraph interface

man 4 enc

On Tue, Jan 3, 2012 at 8:30 PM, Edward Carrel wrote:
> On Jan 3, 2012, at 12:12 AM, Damien Fleuriot wrote:
>
>> Thinking -pf@ or -net@ would be a better place to discuss this, more chances of getting an answer.
>
> I was wondering about that. I'll send my question to -net@ to start. Thanks.
>
>> Out of curiosity why not use a gif interface?
>> I had that working just fine with racoon and was able to actually firewall traffic on it with PF, iirc.
>
> From what I understand of gif interfaces, they are useful when IPSec is handling the tunnel pretty much end-to-end, and just needs a passthrough interface to direct traffic to and from. If I am wrong about this, please let me know.
>
> The reason why I'm using netgraph instead is because the LNS is not run by me, and there is no other way of connecting to the other end but via L2TP/IPSec.
>
> If there is a way to use L2TP, and leverage a gif interface to complete the loop on my end, I'd be interested to hear about it.
>
> Thanks,
>
> Ed Carrel