I rewrote this rule as shown below, but it still didn't work, and packets
originating from 192.168.1.16 were never encapsulated via IP-IP and
tunneled to 10.20.4.108.
# ipfstat -io
pass out quick on bge0 to ip.tun0:10.20.4.108 from 192.168.1.16/32 to any
empty list for ipfilter(in)
This is my VPN configuration:
# ifconfig ip.tun0
ip.tun0: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu 1480 index 9
inet tunnel src 10.0.110.56 tunnel dst 10.20.4.16
tunnel hop limit 60
inet 192.168.0.56 --> 10.20.4.108 netmask ffffff00
So my intention is to do source routing using ipf rules.
Actually I can ping 10.20.4.108 via this tunnel, which means the tunnel
works.
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, February 25, 2009 3:12 AM
To: Hao Wu
Cc: [email protected]
Subject: Re: [networking-discuss] ipf question
On 23/02/09 10:28 PM, Hao Wu wrote:
> Hi,
>
> Does anyone know if we could redirect the packets to an IP tunnel interface
> using ipf? I wrote the rule below:
>
> pass out quick on bge0 to ip.tun0 from 192.168.1.16 to any
>
Try writing it like this:
pass out quick on bge0 to ip.tun0:A.B.C.D from 192.168.1.16 to any
Where "A.B.C.D" is the address of the other end of the tunnel.
> I hope that all the packets matching this rule could go through the
> IPsec tunnel and be encapsulated via IP-IP. But it seems that it didn't
> work!
>
Have you looked at using ipsecconf?
Darren