Hello,

I am using FreeBSD 6.3-RELEASE-p1 with NAT-T patch applied (freebsd6-natt.diff, http://ipsec-tools.cvs.sourceforge.net/ipsec-tools/htdocs/ )

PF works as expected with "regular" IPSEC. But if I try to use NAT-T, packets get lost; I don't see them on the internal interface.

I created this pf.conf for testing:

set loginterface enc0
set debug loud

This is what I see in status:

Interface Stats for enc0              IPv4             IPv6
  Bytes In                             120                0
  Bytes Out                              0                0
  Packets In
    Passed                               0                0
    Blocked                              2                0

Nothing useful in the log file.

When I add 'set skip on enc', everything starts to work fine.
How can I determine why those packets got blocked?

Thank you,
Vadym Chepkov


