Date:      Tue, 14 Aug 2007 10:18:46 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Eric Masson <emss@free.fr>
Cc:        Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
Subject:   Re: pf rdr statement & ipsec processing interaction
Message-ID:  <20070814101809.Q87821@maildrop.int.zabbadoz.net>
In-Reply-To: <86k5ryjutw.fsf@srvbsdnanssv.interne.kisoft-services.com>
References:  <867inzn945.fsf@srvbsdnanssv.interne.kisoft-services.com> <20070813091634.C87821@maildrop.int.zabbadoz.net> <86k5ryjutw.fsf@srvbsdnanssv.interne.kisoft-services.com>

On Tue, 14 Aug 2007, Eric Masson wrote:

> "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> writes:
>
> Hello Bjoern & all,
>
>> this is expected behavior. You want to read about the
>> IPSEC_FILTERTUNNEL (fka. IPSEC_FILTERGIF) kernel option and
>> enc(4).
>
> I've compiled a new kernel with IPSEC_FILTERGIF, tcpdump now can see
> unencrypted L2TP packets on external interfaces but rdr rule doesn't
> have any effect.
>
> Just to be sure, I added "device enc" to the kernel configuration and
> changed the rdr rule to :
> rdr on enc0 proto udp from any to ($ext_if) port 1701 -> 10.127.0.1 port 1701
>
> But no success atm. Any idea ?

ifconfig enc0 | grep UP

if not, ifconfig enc0 up

-- 
Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
Software is harder than hardware  so better get it right the first time.


