Re: pf not seeing inbound packets on netgraph interface

2012-01-31 Thread Edward Carrel
On Jan 24, 2012, at 2:57 AM, Andreas Longwitz wrote:

> Hi Ed,
>
>> I am running into a roadblock getting PF to filter traffic on
>> a Netgraph interface representing an L2TP/IPSec connection.
>
>> The problem I have is that PF only sees traffic on the outbound
>> side of the netgraph interface.

Re: pf not seeing inbound packets on netgraph interface

2012-01-24 Thread Andreas Longwitz
Hi Ed,

> I am running into a roadblock getting PF to filter traffic on
> a Netgraph interface representing an L2TP/IPSec connection.

> The problem I have is that PF only sees traffic on the outbound
> side of the netgraph interface.

This happens because the L2TP packets are tagged with an IPSEC-

Re: pf not seeing inbound packets on netgraph interface

2012-01-06 Thread Melissa Jenkins
> On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:
>
>> Can you see if on the enc(4) interface pf(4) sees both sides of the traffic?
>
> I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways.
> Should there be a pf(4) interface for me to listen on? I've listened on
> pflog(4),

Re: pf not seeing inbound packets on netgraph interface

2012-01-05 Thread Edward Carrel
On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:

> Can you see if on the enc(4) interface pf(4) sees both sides of the traffic?

I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways. Should there be a pf(4) interface for me to listen on? I've listened on pflog(4), and only seen tr

Re: pf not seeing inbound packets on netgraph interface

2012-01-04 Thread Ermal Luçi
On Wed, Jan 4, 2012 at 5:29 AM, Ed Carrel wrote:

> Hi freebsd-net,
>
> I originally sent this to -questions@, but was redirected here by that
> list. My original question is below:
>
> I am running into a roadblock getting PF to filter traffic on a Netgraph
> interface representing an L2TP/IPSec

pf not seeing inbound packets on netgraph interface

2012-01-03 Thread Ed Carrel
Hi freebsd-net,

I originally sent this to -questions@, but was redirected here by that list. My original question is below:

I am running into a roadblock getting PF to filter traffic on a Netgraph interface representing an L2TP/IPSec connection. I have done some narrowing down of the problem, but