Re: Flaw in ipsec.conf(5)?

2016-05-28 Thread Jason McIntyre
On Fri, May 27, 2016 at 01:21:55PM +0200, Bruno Flueckiger wrote: > After discussing this with Philipp Buehler off list I have reworked my > diff to make things easier in the example. > > The paragraph which contains set skip on enc0 just before the ruleset > is removed. All filtering in the rule

Re: Flaw in ipsec.conf(5)?

2016-05-27 Thread Bruno Flueckiger
After discussing this with Philipp Buehler off list I have reworked my diff to make things easier in the example. The paragraph which contains set skip on enc0 just before the ruleset is removed. All filtering in the rule set is done on sk0, skipping enc0 entirely. The new rule set looks like

Re: Flaw in ipsec.conf(5)?

2016-05-27 Thread Bruno Flueckiger
On Thu, May 26, 2016 at 08:41:49AM +0100, Jason McIntyre wrote: > On Tue, May 24, 2016 at 10:53:16AM +0200, Bruno Flueckiger wrote: > > Hi, > > > > I've tested IPsec connections in my lab. The setup looks like this: > > > > [cli] <-- vlan10 --> [gw1] <> [inet] <> [gw2] <-- vlan20 -->

Re: Flaw in ipsec.conf(5)?

2016-05-26 Thread Jason McIntyre
IPsec= > > During the testing I think I've found a flaw in ipsec.conf(5). According > to the man page the esp packets need to be passed on interface sk0: > > block on sk0 > block on enc0 > > pass in on sk0 proto udp from 192.168.3.2 to 192.168.3.1 \ >

Re: Flaw in ipsec.conf(5)?

2016-05-24 Thread Philipp Buehler
On 24.05.2016 10:53 Bruno Flueckiger wrote: As a result of my tests I've created the diff below for ipsec.conf(5). Is this ok or did I miss something? You missed the 'set skip on enc0' a bit up. -- pb

Flaw in ipsec.conf(5)?

2016-05-24 Thread Bruno Flueckiger
Hi, I've tested IPsec connections in my lab. The setup looks like this: [cli] <-- vlan10 --> [gw1] <> [inet] <> [gw2] <-- vlan20 --> [srv] IPsec= During the testing I think I've found a flaw in ipsec.conf(5). According