https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=103135
Eugene Grosbein changed:
What|Removed |Added
Status|Open|Closed
Resolution|---
On 2017-03-13 11:01, Andrey V. Elsukov wrote:
On 12.03.2017 00:23, Hooman Fazaeli wrote:
Hi,
As you know the ipsec/setkey provide limited syntax to define security
policies: only a single subnet/host, protocol number and optional port
may be used to specify traffic's source and destination.
I
On 12.03.2017 00:23, Hooman Fazaeli wrote:
> Hi,
>
> As you know the ipsec/setkey provide limited syntax to define security
> policies: only a single subnet/host, protocol number and optional port
> may be used to specify traffic's source and destination.
>
> I was thinking about the idea of usin
On Sat, Mar 11, 2017 at 09:53:39PM -0800, Ermal Luçi wrote:
> On Sat, Mar 11, 2017 at 2:16 PM, Slawa Olhovchenkov wrote:
>
> > On Sun, Mar 12, 2017 at 12:53:44AM +0330, Hooman Fazaeli wrote:
> >
> > > Hi,
> > >
> > > As you know the ipsec/setkey provide limited syntax to define security
> > > po
On Sat, Mar 11, 2017 at 2:16 PM, Slawa Olhovchenkov wrote:
> On Sun, Mar 12, 2017 at 12:53:44AM +0330, Hooman Fazaeli wrote:
>
> > Hi,
> >
> > As you know the ipsec/setkey provide limited syntax to define security
> > policies: only a single subnet/host, protocol number and optional port
> > may
On Sun, Mar 12, 2017 at 12:53:44AM +0330, Hooman Fazaeli wrote:
> Hi,
>
> As you know the ipsec/setkey provide limited syntax to define security
> policies: only a single subnet/host, protocol number and optional port
> may be used to specify traffic's source and destination.
>
> I was thinking
Hi,
As you know the ipsec/setkey provide limited syntax to define security
policies: only a single subnet/host, protocol number and optional port
may be used to specify traffic's source and destination.
I was thinking about the idea of using ipfw as the packet selector for ipsec,
much like it is
Synopsis: [ipsec] ipsec with ipfw divert (not NAT) encodes a packet twice
breaking PMTUD
Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: vwe
Responsible-Changed-When: Wed Jan 14 22:24:42 UTC 2009
Responsible-Changed-Why:
Over to maintainer(s).
h
Kelly Yancey wrote:
> Just FYI, when we implemented the enc interface for FreeBSD 4.10 for
> one of our products at work, we encountered a similar issue. The
> problem is that you need to add a flag to the sockaddr_in passed to the
> divert(4) consumer; when that consumer re-injects the packets
Eugene Grosbein wrote:
Submitter-Id: current-users
Originator: Eugene Grosbein
Organization: Svyaz Service JSC
Confidential: no
Synopsis: ipsec with ipfw divert (not NAT) encodes a packet twice
breaking PMTUD
Severity: serious
Priority: high
Category: kern
On Mon, 11 Sep 2006, Eugene Grosbein wrote:
>
> >Submitter-Id:current-users
> >Originator: Eugene Grosbein
> >Organization:Svyaz Service JSC
> >Confidential: no
> >Synopsis:ipsec with ipfw divert (not NAT) encodes a packet twi
>Submitter-Id: current-users
>Originator:Eugene Grosbein
>Organization: Svyaz Service JSC
>Confidential: no
>Synopsis: ipsec with ipfw divert (not NAT) encodes a packet twice
>breaking PMTUD
>Severity: serious
>Priority: high
>Category:
"Crist J. Clark" <[EMAIL PROTECTED]> wrote:
> For packets entering the system from the network, the processing
> order is,
>
> (network) ---> ipfw ---> IPsec ---> (remainder of IP stack)
>
> And outgoing,
>
> (system) ---> IPsec ---> ipfw ---> (network)
>
> (It's actually a bit more hairy t
On Fri, Oct 31, 2003 at 09:45:25AM -0600, Mark Johnston wrote:
> "Crist J. Clark" <[EMAIL PROTECTED]> wrote:
> > On Thu, Oct 30, 2003 at 03:05:09PM -0600, Mark Johnston wrote:
> > > - gateway receives an ESP packet from mobile (encapsulating a ping).
> > > - gateway decrypts and transmits an ICMP p
"Crist J. Clark" <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 30, 2003 at 03:05:09PM -0600, Mark Johnston wrote:
> > - gateway receives an ESP packet from mobile (encapsulating a ping).
> > - gateway decrypts and transmits an ICMP packet to internal with mobile's
> > source address.
> > - internal ge
On Thu, Oct 30, 2003 at 03:05:09PM -0600, Mark Johnston wrote:
> [ -netters, please Cc me or security@ with replies. ]
>
> I'm running into trouble integrating dynamic racoon-based IPSec into a network
> with ipfw and natd. I need to be able to allow VPN access from any address
> from authenticat
[ -netters, please Cc me or security@ with replies. ]
I'm running into trouble integrating dynamic racoon-based IPSec into a network
with ipfw and natd. I need to be able to allow VPN access from any address
from authenticated clients. I've got the dynamic VPN working, with racoon
negotiating SA
17 matches