Andrew, Andre & all,

I've checked it out once more (with a corrected setup) and have now been able to block traffic on enc0 in both directions (no matter if the tunnel endpoint is the final destination or not).
Sorry for my first false posting.

In this test case both machines (tunnel endpoints) are:

    FreeBSD ... 6.2-RELEASE-p1 FreeBSD 6.2-RELEASE-p1 #0: Sun Feb 11 22:35:18 CET 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GwMbg i386

One machine is using racoon (ipsec-tools), the other is using racoon2.

`ifconfig enc0':

    enc0: flags=41<UP,RUNNING> mtu 1536

relevant kernconf parts:

    options FAST_IPSEC
    device random
    device enc
    device crypto

Andre: If you still have trouble getting IPSec + enc0 + pf to work, please send me a private message. I know it's hard to find someone who has a working IPSec setup and is willing to help.

At least my test setup shows it is not only possible to block traffic on device enc0 using pf, but also to see all traffic in the pf logs (if configured to do so).

Perhaps you'd be willing to show us your pf rules so we can have a look at them?

Have pfun! ;)

Volker