On Sat, 5 Nov 2011 12:00:33 +0000 (UTC), [email protected] wrote:
> Message: 1
> Date: Fri, 4 Nov 2011 14:18:56 +0100
> From: Kurt Jaeger <[email protected]>
> Subject: Re: fbsd 8.2, L2TP over IPsec and pf ?
>
> Hi!
>
>> I'm building a setup for incoming L2TP over IPsec connections
>> using FreeBSD 8.2-REL.
>>
>> IPsec based on ports/security/ipsec-tools, the l2tp part
>> works from net/mpd5/.
>>
>> If I disable the PF rules, everything works.
>>
>> If I enable the PF rules, the IPsec connection still comes up,
>> but the L2TP requests are lost somewhere in the PF rules 8-(
>>
>> Interestingly, tcpdump enc0 does not see any encrypted packets (!)
>> as long as the PF rules are active.
>>
>> Any hints on the PF rules required to allow those packets in ?

I don't know the exact rules, but you can try logging all the outgoing
and incoming packets with the rules

    pass in log quick all
    pass out log quick all

and then see what is going on by displaying the logs on your console:

    tcpdump -n -e -ttt -i pflog0

Finally, send packets through the firewall and see what to pass by adding
the appropriate rule to your firewall.

Useful hint: use some other firewall like ipfw or ipf when you disable
your pf; the same thing you should do when you pass all the packets by pf.

> Turns out: ESP in/out was missing. set debug misc in the pf.conf
> is worth a lot 8-)
>
> Thanks for all help (by private mail).
>
> I'll try to document this setup on some webpage (but this will take
> 1-2 months due to other projects 8-(

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[email protected]"
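
The logging procedure in this thread can be turned into a quick triage script. The Python below is an added example, not part of the original mails: it reads `tcpdump -n -e -ttt -i pflog0` output and counts blocked packets that belong to the L2TP/IPsec flows (IKE, NAT-T, ESP, L2TP), which is how a missing ESP rule shows up. The sample lines, addresses, interface name and rule numbers are constructed, and only IPv4 `addr.port` notation is handled.

```python
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -n -e -ttt -i pflog0` output.
# Addresses, interface name and rule numbers are made up for illustration.
SAMPLE = """\
00:00:00.000000 rule 4/0(match): pass in on em0: 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
00:00:00.120113 rule 0/0(match): block in on em0: 192.0.2.10 > 198.51.100.1: ESP(spi=0x0c4f1a2b,seq=0x1), length 132
00:00:00.500100 rule 1/0(match): block out on em0: 198.51.100.1 > 192.0.2.10: ESP(spi=0x09aa3c11,seq=0x1), length 116
00:00:01.001245 rule 0/0(match): block in on em0: 192.0.2.10 > 198.51.100.1: ESP(spi=0x0c4f1a2b,seq=0x2), length 132
00:00:02.000871 rule 4/0(match): pass in on em0: 192.0.2.10.4500 > 198.51.100.1.4500: UDP, length 1
00:00:03.400002 rule 0/0(match): block in on em0: 203.0.113.7.51515 > 198.51.100.1.23: Flags [S], length 0
"""

# rule number, action, direction, interface, source, destination, decoded payload
LINE = re.compile(
    r"rule (?P<rule>\d+)\S*: (?P<action>pass|block) (?P<dir>in|out) "
    r"on (?P<ifc>\S+): (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)")

# UDP ports used by an L2TP-over-IPsec setup
UDP_PORTS = {"500": "IKE (udp/500)", "4500": "NAT-T (udp/4500)",
             "1701": "L2TP (udp/1701)"}

def classify(src, dst, rest):
    """Return the L2TP/IPsec flow a logged packet belongs to, or None."""
    if rest.startswith("ESP("):
        return "ESP (ip proto 50)"
    for endpoint in (dst, src):
        parts = endpoint.split(".")          # IPv4 a.b.c.d.port -> 5 fields
        if len(parts) == 5 and parts[4] in UDP_PORTS:
            return UDP_PORTS[parts[4]]
    return None

def blocked_vpn_flows(text):
    """Count blocked packets per (flow, direction, rule number)."""
    hits = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or m["action"] != "block":
            continue
        flow = classify(m["src"], m["dst"], m["rest"])
        if flow:
            hits[(flow, m["dir"], int(m["rule"]))] += 1
    return hits

if __name__ == "__main__":
    for (flow, direction, rule), n in sorted(blocked_vpn_flows(SAMPLE).items()):
        print(f"{n:3d} blocked {direction:3s} {flow:18s} by rule {rule}")
```

The rule numbers in the output can be matched against `pfctl -vv -s rules` to find which rule is dropping the traffic.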
