On Sun, Dec 11, 2016 at 03:53:49PM +0300, Andrey V. Elsukov wrote: > On 11.12.2016 15:50, Slawa Olhovchenkov wrote: > >> You can specify what you want, but this just will not work as you > >> expect. A router usually must not handle all TCP sessions that it > > > > You mean forward to IPSec system only packets with DST_IP = my_ip? > > I that case, why you talk only about not handled returned packets? > > Originated packets also don't address to me. > > I already described how it works and that you can configure what > you want. > > https://lists.freebsd.org/pipermail/freebsd-net/2016-December/046616.html
This is don't clean about "we can't handle the returned packets". If we can handle originated packets (encryped by outbound police, yes?) what is problem handle returned packets by other outbound police and decrypt it? _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
