[RFC/RFT] projects/ipsec

Slawa Olhovchenkov slw at zxy.spb.ru
Sun Dec 11 15:28:11 UTC 2016


On Sun, Dec 11, 2016 at 03:53:49PM +0300, Andrey V. Elsukov wrote:

> On 11.12.2016 15:50, Slawa Olhovchenkov wrote:
> >> You can specify what you want, but this just will not work as you
> >> expect. A router usually must not handle all TCP sessions that it
> > 
> > You mean forward to IPSec system only packets with DST_IP = my_ip?
> > In that case, why do you talk only about returned packets not being handled?
> > Originated packets also aren't addressed to me.
> 
> I already described how it works and that you can configure what
> you want.
> 
>   https://lists.freebsd.org/pipermail/freebsd-net/2016-December/046616.html

This isn't clear about "we can't handle the returned packets".
If we can handle originated packets (encrypted by an outbound policy,
yes?), what is the problem with handling returned packets by another
outbound policy and decrypting them?

