Date: Tue, 24 May 2011 23:17:45 +1000 From: Da Rock <freebsd-pf@herveybayaustralia.com.au> To: freebsd-pf@freebsd.org Subject: Re: pf firewall nat and IPSec Message-ID: <4DDBAFF9.20705@herveybayaustralia.com.au> In-Reply-To: <20110524072550.GB70509@relay.ibs.dn.ua> References: <4DD8E815.4090209@herveybayaustralia.com.au> <20110522122229.GD36033@relay.ibs.dn.ua> <4DD9EF87.6070104@herveybayaustralia.com.au> <20110524072550.GB70509@relay.ibs.dn.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On 05/24/11 17:25, Zeus V Panchenko wrote: > Da Rock (freebsd-pf@herveybayaustralia.com.au) [11.05.23 08:23] wrote: > >> Ok. So I've tried wifi hotspots and the mobile network- all no go. >> Racoon's obviously not the problem or L2TP; its definitely PF. >> > does your configuration work without pf? > > Not really an option atm- thats why I asked about other firewall types. My research has found that IPTables doesn't have a problem (according to IPCop)- needs some finer adjustments, but works. So I'm now looking at testing IPFW or IPFilter- I'll advise the outcome of this as well; if it works on either of these then it won't a BSD issue. But I'm still curious to find what could be the issue with PF if it does work on the others... Looking at my flows I see that Android appears to accept keys and start sending packets on 4500; whereas racoon local appears to ignore the packets and is left unaware that the keys are accepted. What I still haven't discovered is why? Is anyone further advanced on this? I'm currently considering a comparison of IP packets to see if there is any difference as it passes through PF. Thoughts?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DDBAFF9.20705>