Date:      Tue, 23 Oct 2001 19:41:23 +0900
From:      Shoichi Sakane <sakane@kame.net>
To:        snap-users@kame.net, ipfw@freebsd.org
Subject:   Re: (KAME-snap 5576) IPFW/IPSEC/NAT interaction issues with 4.4
Message-ID:  <20011023194123V.sakane@kame.net>
In-Reply-To: Your message of "Tue, 23 Oct 2001 10:45:22 +0200" <20011023104522.E87507@itouchlabs.com>
References:  <20011023104522.E87507@itouchlabs.com>

> I'm hoping someone here can shed some light on a problem I came across this
> morning. I have two VPN gateways connected to Cisco VPN concentrators.
> These are running FreeBSD 4.2-RELEASE and 4.4-RELEASE.  The 4.2 based
> gateway has been functioning without hassles for a while now.  However, when
> I configured the 4.4 based system this morning, I ran into the problem that
> the IP packets seem to not be being re-injected into the firewall ruleset
> after the ESP decapsulation.  The firewall rulesets are identical between
> the systems.  This re-injection is necessary for me to be able to then
> place the packet into a divert socket feeding natd, and from there onto the
> client machines behind the VPN gateway.

How did the output of "netstat" differ between before an encrypted
packet arrived at the FreeBSD VPN box and after the packet went away
somewhere?
I have a report that "unknown/unsupported protocol" in the ipsec section of
"netstat" is counted.
