[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    5.6: rule counter with proto esp not working
From:       Axel Rau <Axel.Rau () chaos1 ! de>
Date:       2015-02-16 12:34:33
Message-ID: D5D7BA9C-F8F1-45CB-9269-5BED07AB6189 () Chaos1 ! DE
[Download RAW message or body]

Hi,

I failed to setup a queue on outgoing esp traffic and noticed that the rule counters \
are all 0 and do not advance:

@155 pass out quick on vlan2 inet proto esp from any to <road_worrier_nets:8> set ( \
queue vpn ) keep state (if-bound)  [ Evaluations: 0         Packets: 0         Bytes: \
0           States: 0     ]  [ Inserted: uid 0 pid 28769 State Creations: 0     ]

This is the IPSEC gateway. On the IPSEC client, it works:

@284 pass in quick on pppoe0 inet proto esp from some.gateway to (pppoe0:1) keep \
state (if-bound)  [ Evaluations: 434       Packets: 11134879  Bytes: 8621504380  \
States: 1     ]  [ Inserted: uid 0 pid 2528 State Creations: 1     ]

I could not find any preceding rule with proto esp (or empty proto).

What am I doing wrong?

Axel
---
PGP-Key:29E99DD6  ☀ +49 151 2300 9283  ☀ computing @ chaos claudius


[prev in list] [next in list] [prev in thread] [next in thread]