NAT before IPSEC - reply packets stuck at enc0

Muenz, Michael m.muenz at spam-fetish.org
Fri Jul 21 10:58:54 UTC 2017


On 19.07.2017 at 15:35, Andrey V. Elsukov wrote:
>
> Check what you will see if you set net.enc.in.ipsec_bpf_mask=3.
> You should see the reply two times, the second one should be with
> translated address.
>
Googling around with "nat before ipsec" and freebsd shows many topics 
like this.
It seems that with the 11.0 release there were some significant changes
to enc which made this impossible.


Michael


More information about the freebsd-net mailing list