Date: Fri, 21 Jul 2017 12:59:00 +0200
From: "Muenz, Michael" <m.muenz@spam-fetish.org>
To: freebsd-net@freebsd.org
Subject: Re: NAT before IPSEC - reply packets stuck at enc0
Message-ID: <cdb7e172-4074-4559-1e91-90c8e9276134@spam-fetish.org>
In-Reply-To: <15e6eb38-ef0c-7bfd-5f2c-d2acc8ea1af4@yandex.ru>
References: <459d59f7-2895-8aed-d547-be46a0fbb918@spam-fetish.org>
 <a082662c-145e-0132-18ef-083adaa59c33@yandex.ru>
 <1c0de616-91ff-a6f9-d946-f098bc1a709f@spam-fetish.org>
 <911903d1-f353-d5d6-d400-d86150f88136@yandex.ru>
 <2d607e1a-a2c0-0f85-1530-c478962a76cd@spam-fetish.org>
 <3344e189-cdf0-a2c9-3a2a-645460866f2d@yandex.ru>
 <1279753e-9ad1-2c02-304e-5001e2bbc82f@spam-fetish.org>
 <15e6eb38-ef0c-7bfd-5f2c-d2acc8ea1af4@yandex.ru>

On 19.07.2017 at 15:35, Andrey V. Elsukov wrote:
>
> Check what you will see if you set net.enc.in.ipsec_bpf_mask=3.
> You should see the reply two times, the second one should be with
> translated address.
>

Googling around with "nat before ipsec" and freebsd shows many topics
like this.
It seems with 11.0 release there were some significant changes to enc
which made this impossible.

Michael