Thread: PF and NAT-T




2008-04-16 16:04:30
Hello,

I am using FreeBSD 6.3-RELEASE-p1 with the NAT-T patch applied
(freebsd6-natt.diff, http://ipsec-tools.cvs.sourceforge.net/ipsec-tools/htdocs/).

PF works as expected with "regular" IPSEC. But if I try to use NAT-T,
packets get lost; I don't see them on the internal interface.

I created this pf.conf for testing:

set loginterface enc0
set debug loud

This is what I see in status:

Interface Stats for enc0              IPv4             IPv6
   Bytes In                             120                0
   Bytes Out                              0                0
   Packets In
     Passed                               0                0
     Blocked                              2                0

Nothing useful in the log file.

When I add 'set skip on enc', everything starts to work fine.
How can I determine why those packets got blocked?

Thank you,
Vadym Chepkov



_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
