[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-pf
Subject:    NAT IPSec Traffic with pf
From:       Sydney Meyer <syd.meyer () gmail ! com>
Date:       2014-07-31 0:06:55
Message-ID: 9B8D62A1-8377-4D27-8E1B-816E16C96E5F () gmail ! com
[Download RAW message or body]

Got a reply in the forums from "junovitch":

"There is a bug in 10.0-RELEASE with how how the kernel is tagging the mbuf allocated \
with IPSEC packets as it gets tagged to skip firewalling. Hence PF can't NAT what it \
can't see. Short answer is you need to upgrade to 10.0-STABLE or use an older version \
of FreeBSD.

Long answers:
http://www.freebsd.org/cgi/query-pr.cgi?pr=185876 - The PR with the technical \
details. https://forums.freebsd.org/viewtopic.php?f=7&t=45691 - Same issue and the \
troubleshooting that helped find it."

Upgrading to 10 STABLE fixed the issue.

Cheers,
S.
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"


[prev in list] [next in list] [prev in thread] [next in thread]