30.05.2016 14:21, Patrick Lamaiziere wrote:
Hello,

Documentation states that setting net.inet.ip.fastforwarding on a
router breaks ipsec. But it's not clear to me "where" ipsec is broken.

Is ipsec broken to (or from) the router, but ipsec between different
hosts will work as expected?

Or is it broken for all the ipsec traffic passing through the
router?

Thanks regards,

Fastforwarded traffic is passed without any IPSEC processing,
so it gets no encryption/decryption.

Afaik, sysctl net.inet.ip.fastforwarding was removed from recent FreeBSD code
recently and traffic that can be fastforwarded is fastforwarded automagically
and traffic that cannot (f.e. IPSEC traffic) goes through full processing.
So, the problem you mention should be eliminated.


_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
