Re: route-to enc0, ipsec
|> ("route-to A:gateway") packets go out thru A interface. So, I see enc0
|> interface is treated in some special way.
|> Can someone explain to me which
|> way packets go in kernel? And what's the order for:
|> - routing
|> - applying pf rules for incoming and later for outgoing packets
|> - nat-ing incoming and outgoing packets
| interface -> rdr/binat -> pf -> kernel/routing -> nat/binat -> pf ->
| Now rules like "route-to" will bypass the kernel/routing stage.
|> - ipsec tunneling
| This is much more complicated, because your packet will go 2 or three
| times through the packet filter. Read IPSEC(4), ipsecadm(8) and isakmpd(8)
Thanks for the information.
I discovered that my problem has nothing to do with pf and ipsec, it was
mtu and icmp: need to frag issue. I don't explain this, because it is
Sorry for the mess.