Date: Tue, 21 Mar 2017 11:56:25 +0000 From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: "Kurt Jaeger" <lists@opsec.eu> Cc: "Miroslav Lachman" <000.fbsd@quip.cz>, freebsd-pf@freebsd.org Subject: Re: Support for the enc(4) pseudo-interface Message-ID: <12FB978F-D222-4221-9DE9-40AFB435187C@lists.zabbadoz.net> In-Reply-To: <20170321114636.GH64587@home.opsec.eu> References: <1490085811-bc1aa9c7b83aeddb9dee198bc4071b35@olivarim.com> <44FBCEF5-6151-46FF-A166-81E7306914CC@sigsegv.be> <58D11201.1000403@quip.cz> <20170321114636.GH64587@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21 Mar 2017, at 11:46, Kurt Jaeger wrote: > Hi! > >>> If you want to filter on it it should work if you add ???device >>> enc??? to your >>> kernel config. The man page suggests that should then allow you to >>> filter IPSec >>> traffic on enc0. >> >> Shouldn't it be included in GENERIC if IPSec is now part of it? > > Yes, please include enc in the GENERIC kernel. I thought the entire idea of making ipsec loadable was that we don’t have to ship it in the kernel and have it available? /bz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?12FB978F-D222-4221-9DE9-40AFB435187C>