Re: Trouble getting ipsec.conf 'tag' working in 5.3

2013-06-11 Thread mxb
From ipsec.conf(5): "… Add a pf(4) tag to all packets of phase 2 SAs created for this connection. …" As I understand it, in your case or any other cases, it is about tagging pkts from one peer to another. E.g. from one vpn_gw to another. But this is my understanding of this. I might be wrong her

Re: Trouble getting ipsec.conf 'tag' working in 5.3

2013-06-11 Thread Rogier Krieger
On Tue, Jun 11, 2013 at 3:26 PM, mxb wrote: > Tried to tag pkts on $int_if ? E.g. > match in on $if_int from ($if_int:network) to $pbx_net tag PBX > Yes and that works. But shouldn't it already be covered by the 'PBX' tag in ipsec.conf? That's what I expected and what I'm trying to figure out. Th

Re: Trouble getting ipsec.conf 'tag' working in 5.3

2013-06-11 Thread mxb
Tried to tag pkts on $int_if ? E.g. match in on $if_int from ($if_int:network) to $pbx_net tag PBX //mxb On 11 Jun 2013, at 14:38, Rogier Krieger wrote: > A kind soul (thank you) suggested I add the following to my ruleset: > pass quick on enc0 proto ipencap > > Unfortunately, that does stil

Re: Trouble getting ipsec.conf 'tag' working in 5.3

2013-06-11 Thread Rogier Krieger
A kind soul (thank you) suggested I add the following to my ruleset: pass quick on enc0 proto ipencap Unfortunately, that does still not allow the inner outbound traffic to pass. From what I can tell, the original ruleset already let ipencap traffic pass on enc0. I verified with tcpdump and

Trouble getting ipsec.conf 'tag' working in 5.3

2013-06-10 Thread Rogier Krieger
Dear list, after re-installing a machine with 5.3 (i386), I wanted to tighten up the filtering rules. To that end, I added a 'block log' rule near the top of my rules. This appears to be unexpectedly effective. I'm having trouble with my IPsec VPN to a VoIP PBX. Although my SAs come up as expecte