On 2017-03-13 11:01, Andrey V. Elsukov wrote:
On 12.03.2017 00:23, Hooman Fazaeli wrote:
Hi,
As you know the ipsec/setkey provide limited syntax to define security
policies: only a single subnet/host, protocol number and optional port
may be used to specify traffic's source and destination.
I
On 12.03.2017 00:23, Hooman Fazaeli wrote:
> Hi,
>
> As you know the ipsec/setkey provide limited syntax to define security
> policies: only a single subnet/host, protocol number and optional port
> may be used to specify traffic's source and destination.
>
> I was thinking about the idea of usin
On Sat, Mar 11, 2017 at 09:53:39PM -0800, Ermal Luçi wrote:
> On Sat, Mar 11, 2017 at 2:16 PM, Slawa Olhovchenkov wrote:
>
> > On Sun, Mar 12, 2017 at 12:53:44AM +0330, Hooman Fazaeli wrote:
> >
> > > Hi,
> > >
> > > As you know the ipsec/setkey provide limited syntax to define security
> > > po
On Sat, Mar 11, 2017 at 2:16 PM, Slawa Olhovchenkov wrote:
> On Sun, Mar 12, 2017 at 12:53:44AM +0330, Hooman Fazaeli wrote:
>
> > Hi,
> >
> > As you know the ipsec/setkey provide limited syntax to define security
> > policies: only a single subnet/host, protocol number and optional port
> > may
On Sun, Mar 12, 2017 at 12:53:44AM +0330, Hooman Fazaeli wrote:
> Hi,
>
> As you know the ipsec/setkey provide limited syntax to define security
> policies: only a single subnet/host, protocol number and optional port
> may be used to specify traffic's source and destination.
>
> I was thinking
Kelly Yancey wrote:
> Just FYI, when we implemented the enc interface for FreeBSD 4.10 for
> one of our products at work, we encountered a similar issue. The
> problem is that you need to add a flag to the sockaddr_in passed to the
> divert(4) consumer; when that consumer re-injects the packets
Eugene Grosbein wrote:
Submitter-Id: current-users
Originator: Eugene Grosbein
Organization: Svyaz Service JSC
Confidential: no
Synopsis: ipsec with ipfw divert (not NAT) encodes a packet twice breaking PMTUD
Severity: serious
Priority: high
Category: kern
Clas
On Mon, 11 Sep 2006, Eugene Grosbein wrote:
>
> >Submitter-Id:current-users
> >Originator: Eugene Grosbein
> >Organization:Svyaz Service JSC
> >Confidential:no
> >Synopsis:ipsec with ipfw divert (not NAT) encodes a packet twice breaking PMTUD
> >Severity:seriou