I have a firewall system that has a dedicated interface on which only IPsec traffic is going out and coming in. The firewall encrypts and decrypts these packets.
I am using Ipfilter on that system and I would like to filter on the unencrypted content, both incoming and outgoing. The problem is that on the "IPsec interface" I only see the encrypted traffic. Is there a way to make IPsec be non-transparent? E.g.: have a /dev/tun interface that is the non-encrypted variant of the dedicated ipsec interface? (I route packets into the tun interface and they are encrypted and put out of the real dedicated interface, and vice versa: if IPsec traffic comes into the real interface, it is decrypted and sent through the tunnel)

-Guido