greets all
> If you take a look at icmp_error() in sys/netinet/ip_icmp.c you will see > that icmp errors are not sent for packets that have been previously been > decrypted by IPSec. May be some misunderstandings happens. I have gif and ipsec. IPSEC mode is transport, that means, traffic encrypted only between gif's outer addresses. As result, traffic in gif encrypted by encrypting ipip container. But I can view traffic on gif by tcpdump as on regular interfaces. E.g. gif's inner traffic not processed by ipsec at all _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
