Date:      Tue, 23 Oct 2001 19:41:23 +0900
From:      Shoichi Sakane <>
Subject:   Re: (KAME-snap 5576) IPFW/IPSEC/NAT interaction issues with 4.4
Message-ID:  <>
In-Reply-To: Your message of "Tue, 23 Oct 2001 10:45:22 +0200" <>
References:  <>

> I'm hoping someone here can shed some light on a problem I came across this
> morning. I have two VPN gateways connected to Cisco VPN concentrators.
> These are running FreeBSD 4.2-RELEASE and 4.4-RELEASE.  The 4.2 based
> gateway has been functioning without hassles for a while now.  However, when
> I configured the 4.4 based system this morning, I ran into the problem that
> the IP packets seem to not be being re-injected into the firewall ruleset
> after the ESP decapsulation.  The firewall rulesets are identical between
> the systems.  This re-injection is necessary for me to be able to then
> place the packet into a divert socket feeding natd, and from there onto the
> client machines behind the VPN gateway.

What was the difference in the output of "netstat" before an encrypted
packet arrived at the FreeBSD VPN box, and after the packet went away
somewhere?
I have a report that "unknown/unsupported protocol" in the ipsec section of
"netstat" is counted.
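
The before/after comparison asked for in the reply can be automated by diffing two saved counter snapshots. This is an added example, not part of the original message; the snapshot text is constructed, and apart from the "unknown/unsupported protocol" counter quoted above, the counter wording is an assumption.

```python
import re

# Constructed snapshots in the style of per-protocol netstat statistics.
# Only the "unknown/unsupported protocol" name is taken from the message.
BEFORE = """\
ipsec:
\t12 inbound packets processed successfully
\t0 inbound packets violated process security policy
\t0 inbound packets with unknown/unsupported protocol
\t12 outbound packets processed successfully
"""
AFTER = """\
ipsec:
\t12 inbound packets processed successfully
\t0 inbound packets violated process security policy
\t3 inbound packets with unknown/unsupported protocol
\t12 outbound packets processed successfully
"""

# An indented counter line: leading whitespace, a number, then its description.
COUNTER = re.compile(r"^\s+(\d+)\s+(.+?)\s*$")

def parse(text):
    """Return {(section, counter name): value} for one snapshot."""
    counters, section = {}, None
    for line in text.splitlines():
        # Section headers start in column 0 and end with a colon ("ipsec:").
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            section = line.rstrip()[:-1]
            continue
        m = COUNTER.match(line)
        if m and section:
            counters[(section, m.group(2))] = int(m.group(1))
    return counters

def changed(before, after):
    """Counters whose value differs between the snapshots, with the delta."""
    b, a = parse(before), parse(after)
    return {k: a[k] - b.get(k, 0) for k in a if a[k] != b.get(k, 0)}

if __name__ == "__main__":
    for (section, name), delta in sorted(changed(BEFORE, AFTER).items()):
        print(f"{section}: {name}: {delta:+d}")
```

A counter that increments only while the encrypted traffic is arriving points at the stage where the packets are being dropped.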
