On Thu, 3 Nov 2011, Kurt Jaeger wrote:

> Hello,
>
> I'm building a setup for incoming L2TP over IPsec connections
> using FreeBSD 8.2-REL.

I assume you are explicitly using tunnel mode?

> IPsec based on ports/security/ipsec-tools, the l2tp part
> works from net/mpd5/.
>
> If I disable the PF rules, everything works.
>
> If I enable the PF rules, the IPsec connection still comes up,
> but the L2TP requests are lost somewhere in the PF rules 8-(
>
> Interestingly, tcpdump enc0 does not see any encrypted packets (!)
> as long as the PF rules are active.

Tried playing with the sysctls of enc(4)?
net.enc.in.ipsec_bpf_mask=0x00000003
net.enc.in.ipsec_filter_mask=0x00000003

> Any hints on the PF rules required to allow those packets in?

Need more details (if you want also off-list).

--
Bjoern A. Zeeb                                 You have to have visions!
         Stop bit received. Insert coin for new address family.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
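One way to put the reply's suggestion into a ruleset, as an added example that is not from either poster: a pf.conf fragment for a FreeBSD L2TP/IPsec responder. It assumes transport-mode IPsec (the usual L2TP/IPsec case), em0 as the outside interface, and the enc(4) masks set so that decrypted packets are visible to pf and tcpdump on enc0.

```pf
# Constructed example (not from the thread): pf.conf for an L2TP/IPsec
# responder on FreeBSD. Assumes transport-mode IPsec and em0 outside.
ext_if = "em0"
enc_if = "enc0"

# enc(4) sysctls, to be set in /etc/sysctl.conf, so that both the
# encrypted (before) and decrypted (after) copies of inbound and
# outbound packets are handed to pf and to bpf on enc0:
#   net.enc.in.ipsec_filter_mask=0x00000003
#   net.enc.in.ipsec_bpf_mask=0x00000003
#   net.enc.out.ipsec_filter_mask=0x00000003
#   net.enc.out.ipsec_bpf_mask=0x00000003

# 1. IKE (UDP 500) and NAT-T (UDP 4500) on the outside interface.
pass in quick on $ext_if inet proto udp from any to ($ext_if) port { 500, 4500 }

# 2. The ESP packets themselves on the outside interface. If ESP is
#    dropped here, nothing is ever decrypted, so enc0 stays silent and
#    "tcpdump -i enc0" shows nothing, which matches the symptom above.
pass in  quick on $ext_if inet proto esp from any to ($ext_if)
pass out quick on $ext_if inet proto esp from ($ext_if) to any

# 3. After decryption the inner packet re-enters the stack on enc0 as
#    plain UDP 1701 (L2TP) and is filtered again there. Without a pass
#    rule on enc0 it hits the default deny, which is where the L2TP
#    requests "get lost". States are bound to enc0 (if-bound) so they
#    do not collide with the copy already matched on $ext_if.
pass in  quick on $enc_if inet proto udp from any to ($ext_if) port 1701 keep state (if-bound)
pass out quick on $enc_if inet proto udp from ($ext_if) to any port 1701 keep state (if-bound)

# 4. Anything else arriving decrypted on enc0 stays blocked and is
#    logged, so unexpected traffic inside the SA is visible in pflog.
block in log on $enc_if
```

For tunnel mode the inner destination is the tunnel endpoint rather than ($ext_if), so rule 3 would have to match on that address instead.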