https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #39 from j...@netgate.com ---
(In reply to Kevin Ong from comment #33)
You're missing a couple sysctl OIDs.
For the default enc0 filtering mode, use the following sysctl values:
net.inet.ipsec.filtertunnel = 0x
net.inet6
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #38 from Kevin Ong ---
See Jim's reply on my thread here:
https://forum.netgate.com/topic/159252/ipsec-outbound-nat-to-interface-address-reply-traffic-destination-ip-not-being-translated-back-to-original-source-ip/21?_=1614663
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #37 from jeremy.mordk...@riftio.com ---
(In reply to jeremy.mordkoff from comment #36)
To prove this to myself, I rebooted the "CORE" router. This caused the sysctl
settings to be lost.
The old LAN-LAN tunnel started working a
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #36 from jeremy.mordk...@riftio.com ---
(In reply to jeremy.mordkoff from comment #35)
I should have mentioned PF Sense 2.4.5-RELEASE-p1
--
You are receiving this mail because:
You are the assignee for the bug.
___
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
jeremy.mordk...@riftio.com changed:
What|Removed |Added
CC||jeremy.mordk...@riftio.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #31 from Eugene Grosbein ---
(In reply to jimp from comment #30)
With ipfw you don't even need to filter on enc pseudo-interface.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #30 from j...@netgate.com ---
You can have both route-based and policy-based IPsec active at once but you
cannot filter both at once in the expected manner.
It is not limited to NAT rules, it affects both NAT and firewall rules
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #29 from Michael Muenz ---
(In reply to Eugene Grosbein from comment #27)
Indeed, the problem description should be adjusted that "only" NAT via pf is
affected.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #28 from Eugene Grosbein ---
(In reply to Eugene Grosbein from comment #27)
Forgot to note, I use FreeBSD 11.4.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #27 from Eugene Grosbein ---
(In reply to Ziomalski from comment #26)
This is not true: "It is currently not possible to simultaneously have Routed
IPsec with NAT and Policy IPsec". I have both ipsec-tools/racoon running as
IKEv
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
Ziomalski changed:
What|Removed |Added
Status|Closed |Open
Severity|Affects Only M
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
j...@netgate.com changed:
What|Removed |Added
CC||j...@netgate.com
--- Comment #25
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
Kubilay Kocak changed:
What|Removed |Added
Severity|Affects Some People |Affects Only Me
Summary