Hi,
On Tuesday 26 November 2002 15:19, Greg Panula wrote:
>
> # allow private traffic between location to flow
> allow ip from 10... to 192.168... out via int.nic
> allow ip from 192.168... to 10... in via int.nic
>
> Granted the ruleset above assumes you are *not* using gif tunnels, just
> ipsec
On Mon, Nov 25, 2002 at 05:46:47PM +0100, Eric Masson wrote:
>
> In my case, the lan joined by the vpn use rfc1918 addresses, and if I
> want the vpn traffic to flow correctly, I must invalidate incoming
> rfc1918 address checking on the external firewall interface. I don't
> think it increases sec
Archie Cobbs:
> Guido van Rooij wrote:
> > > An esp0 or ipsec0 device would provide the handle ipfw needs.
> >
> > That is exactly what I wanted to say earlier.
> >
> > But beware: this is only true in tunnel mode.
> >
> > In transport mode, the KAME stack calls the subprotocol handler
> > direc
On Tue, Nov 19, 2002 at 10:56:25AM -0800, Archie Cobbs wrote:
> Guido van Rooij wrote:
> > > The problem is that while ESP packets arrive to be processed by
> > > IPsec just fine thru my ipfw rules, when the packets are de-encrypted
> > > and re-inserted into the kernel they appear to ipfw to be
ackets seen on wrong interface by ipfw (was Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw?)
On Tue, Nov 19, 2002 at 02:08:54PM -0500, Scott Ullrich wrote:
> Guido,
>
> I am using a tunneling device (gif0).
>
> How are we supposed to fix the issue with your patch installed? If w
On Tue, Nov 19, 2002 at 02:08:54PM -0500, Scott Ullrich wrote:
> Guido,
>
> I am using a tunneling device (gif0).
>
> How are we supposed to fix the issue with your patch installed? If we need
> to add more rules, that's fine but what would these rules be? Are they
> before the divert? After
Guido van Rooij wrote:
> > The problem is that while ESP packets arrive to be processed by
> > IPsec just fine thru my ipfw rules, when the packets are de-encrypted
> > and re-inserted into the kernel they appear to ipfw to be coming from
> > my external interface (the one they arrived on via ES
alled.
-Original Message-
From: Guido van Rooij [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 1:56 PM
To: David Kelly
Cc: Scott Ullrich; 'Archie Cobbs'; '[EMAIL PROTECTED]';
[EMAIL PROTECTED]
Subject: Re: IPsec packets seen on wrong interface by ipfw (was Re:
IPs
On Tue, Nov 19, 2002 at 04:24:56PM +0100, Patrick M. Hausen wrote:
> Hello!
>
> Guido wrote:
>
> > > The problem is that while ESP packets arrive to be processed by
> > > IPsec just fine thru my ipfw rules, when the packets are de-encrypted
> > > and re-inserted into the kernel they appear to i
On Tue, Nov 19, 2002 at 10:11:29AM -0600, David Kelly wrote:
>
> Once the ipsec history is removed from the packet then how/what/where is
> the packet tagged as having come from? In my case it appears to have
It is tagged as any other packet.
> retained properties of the ESP packet it was encase
To help clarify gif is no longer suspect I have changed the subject.
On Tue, Nov 19, 2002 at 04:08:26PM +0100, Guido van Rooij wrote:
> On Tue, Nov 19, 2002 at 07:54:29AM -0600, David Kelly wrote:
> >
> > The problem is that while ESP packets arrive to be processed by
> > IPsec just fine thru my
Hello!
Guido wrote:
> > The problem is that while ESP packets arrive to be processed by
> > IPsec just fine thru my ipfw rules, when the packets are de-encrypted
> > and re-inserted into the kernel they appear to ipfw to be coming from
> > my external interface (the one they arrived on via ESP
Message-
From: Archie Cobbs [mailto:[EMAIL PROTECTED]]
Sent: Sunday, November 17, 2002 2:56 PM
To: Scott Ullrich
Cc: '[EMAIL PROTECTED]'; David Kelly;
[EMAIL PROTECTED]
Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw?
Scott Ullrich wrote:
> I am also having this same p
networks to talk?
Thanks,
Scott
-Original Message-
From: Greg Panula [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 15, 2002 10:47 AM
To: David Kelly
Cc: [EMAIL PROTECTED]
Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw?
David Kelly wrote:
>
> On Fri, Nov 15, 2002 at
Ran cvsup this morning (11/14/2002), built world, installed world, built
and installed new kernel, forgot mergemaster, rebooted, and my VPN to
another FreeBSD box was not working. Did not update the other box.
Discovered I had not done mergemaster on the problem box so did that
and rebooted aga