
Re: route-to enc0, ipsec




|> ("route-to A:gateway") packets go out thru A interface. So, I see enc0
|> interface is treated in some special way.
|
| Yes.
|
|> Can someone explain to me which
|> way packets go in kernel? And what's the order for:
|> - routing
|> - applying pf rules for incoming and later for outgoing packets
|> - nat-ing incoming and outgoing packets
|
| interface -> rdr/binat -> pf -> kernel/routing -> nat/binat -> pf ->
| interface.
| Now rules like "route-to" will bypass the kernel/routing stage.
|
|> - ipsec tunneling
|
| This is much more complicated, because your packet will go 2 or three
| times through the packet filter. Read IPSEC(4), ipsecadm(8) and isakmpd(8).

Thanks for information.
I discovered that my problem has nothing to do with pf and ipsec; it was
an MTU and ICMP "need to frag" issue. I won't explain this, because it is
off-topic.
Sorry for the mess.

c0g