Re: filtering on enc

2004-07-27 Thread Mathieu Sauve-Frankel
> no, that's wrong. use this instead:
>
> pass in on enc0 proto ipencap from $OTHER to $ME

Where OTHER and ME are the IP addresses of your IPsec endpoints. In other words the two machines between which you encapsulate your traffic. Mind you this will ONLY be possible if you have static IPs on eit

Re: filtering on enc

2004-07-27 Thread Markus Friedl
On Fri, Jul 23, 2004 at 07:57:35AM +0200, Cedric Berger wrote:
> Add "pass in on enc0 proto ipencap all" all and it should work.
> That's an old problem with OpenBSD IPSec code.

no, that's wrong. use this instead:

pass in on enc0 proto ipencap from $OTHER to $ME

Re: filtering on enc

2004-07-23 Thread Tamas TEVESZ
On Fri, 23 Jul 2004, Cedric Berger wrote:
> Add "pass in on enc0 proto ipencap all" all and it should work.
> That's an old problem with OpenBSD IPSec code.

that did the trick. thanks a bunch.

--
[-] ``Early to rise, early to bed, makes a man healthy, wealthy and dead.''

Re: filtering on enc

2004-07-23 Thread Cedric Berger
Tamas TEVESZ wrote: hi, i think i'm missing something on filtering on the enc interface. scenario looks as: leftsecgwAright [internal lan] -- [xl0 tun0] -- ~~ -- [secgwB] -- [other lan] secgwA is a 3.5-stable built on jun 15 (ie. it doesn't have the pf

filtering on enc

2004-07-22 Thread Tamas TEVESZ
vity thing. as far as i understand, someone is doing something fishy, because the above looks like as if i was seeing only 3/4 part of two connections (or 1.5 parts of one connection, depending how you look at it..) my understanding on the "filtering on enc" was that i'm only supposed t