On Thursday 31 July 2008 17:35:06 Tilman Linneweh wrote:
> Hi list,
>
> My setup:
>
> LAN -> Router with PF <- gif tunnel with IPSEC -> Server
>
> The router is running FreeBSD 7.0. Protocol is IPv6. ping6 works,
> but TCPv6 from LAN to Server does not work, unless I disable PF.
>
> Excerpt from pf.conf:
> pass in quick on gif0 all keep state
> pass out quick on gif0 all keep state
>
> pflog0 contains some strange packets:
> http://arved.priv.at/~arved/strangepackets.pcap

That dump is useless, please cap with "-s0".

> IPSEC_FILTERTUNNEL does not make a difference.
>
> I don't understand why pf is dropping something on gif0. And I can't decode
> what kind of packets these are, and why they are necessary for TCPv6.
>
> Any ideas?

I'd suspect ip-options. Try allow-opts and check "pfctl -si". If you really want to trust gif0 completely, you could simply add "skip on gif0" and pf will not mess with it at all.

-- 
Best regards,
Max Laier
ICQ #67774661
http://pf4freebsd.love2party.net/
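
Added example, not part of the original messages: a small filter for the "Counters" section of `pfctl -si`, the check suggested in the reply, that lists which counters other than plain rule matches are non-zero. The sample input is constructed and abridged, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed, abridged sample in the layout `pfctl -si` prints (values made up).
sample_pfctl_si() {
cat <<'EOF'
Status: Enabled for 0 days 00:10:12           Debug: Urgent

State Table                          Total             Rate
  current entries                        3
  searches                            1234            2.0/s
  inserts                               12            0.0/s
  removals                               9            0.0/s
Counters
  match                                 50            0.1/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  ip-option                             17            0.0/s
  state-mismatch                         0            0.0/s
EOF
}

# Reads `pfctl -si` text on stdin and prints "name count" for every non-zero
# entry in the Counters section. "match" is skipped because it records
# ordinary rule matches; the other entries name a specific reason.
nonzero_counters() {
    awk '
        /^Counters/ { in_counters = 1; next }   # start of the section
        /^[^ \t]/   { in_counters = 0 }         # any other unindented header ends it
        in_counters && NF >= 2 && $1 != "match" && $2 ~ /^[0-9]+$/ && $2 + 0 > 0 {
            print $1, $2
        }
    '
}

# On the router: pfctl -si | nonzero_counters
# Here the constructed sample is used so the script runs offline.
sample_pfctl_si | nonzero_counters
```

Running it before and after a failing TCPv6 connection attempt shows which counter moves while the traffic is being dropped.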
