I have an IPsec tunnel working on FreeBSD 4.3 using private addresses for both internal sides of the tunnel (192.168.1.0 & 192.168.2.0). When I enable ipfilter blocking 192.168.1.0 on the external interface, the tunnel no longer works. Here's what's happening:

1. I'm passing esp proto and udp port 500 on the external interface so the packets get through.
2. Next, the packet gets blocked on the external interface with a destination address of 192.168.1.120.

Why doesn't it switch the interface after it's decrypted? When I turn off ipfilter and am using tcpdump, it never shows the decrypted packet on the external interface with the destination address of 192.168.1.120. If I remove the one line in ipfilter that blocks 192.168.0.0/16 then it begins working again.

Any suggestions?
