On Jan 24, 2012, at 2:57 AM, Andreas Longwitz wrote:
> Hi Ed,
>
>> I am running into a roadblock getting PF to filter traffic on
>> a Netgraph interface representing an L2TP/IPSec connection.
>
>> The problem I have is that PF only sees traffic on the outbound
>> side of the netgraph interface.
Hi Ed,
> I am running into a roadblock getting PF to filter traffic on
> a Netgraph interface representing an L2TP/IPSec connection.
> The problem I have is that PF only sees traffic on the outbound
> side of the netgraph interface.
This happens because the L2TP packets are tagged with an IPSEC-
>
> On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:
>
>> Can you see if on the enc(4) interface pf(4) sees both sides of the traffic?
>
> I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways.
> Should there be a pf(4) interface for me to listen on? I've listened on
> pflog(4),
On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:
> Can you see if on the enc(4) interface pf(4) sees both sides of the traffic?
I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways. Should
there be a pf(4) interface for me to listen on? I've listened on pflog(4), and
only seen tr
On Wed, Jan 4, 2012 at 5:29 AM, Ed Carrel wrote:
> Hi freebsd-net,
>
> I originally sent this to -questions@, but was redirected here by that
> list. My original question is below:
>
> I am running into a roadblock getting PF to filter traffic on a Netgraph
> interface representing an L2TP/IPSec
Hi freebsd-net,
I originally sent this to -questions@, but was redirected here by that
list. My original question is below:
I am running into a roadblock getting PF to filter traffic on a Netgraph
interface representing an L2TP/IPSec connection. I have done some narrowing
down of the problem, but