RE: ipsec packet filtering

From: Mitch (bitblock) (mitch_at_bitblock.com)
Date: 07/30/04

    To: peter@sandilands.vu, freebsd-net@freebsd.org
    Date: Fri, 30 Jul 2004 10:34:58 -0700
    
    

    > But by adding the following option to the kernel conf file you can get
    > the processing path I think you are asking for??
    >
    > options IPSEC_FILTERGIF (documented in LINT)
    >
    > This then causes the decrypted packet to be passed thru IPFW again.
    >
    > Be aware this has significant consequences for where you do NAT in the
    > ruleset and requires very careful crafting of the IPFW rules
    >
    > Pete

    ok.

    Will this allow me to do the following:

    Client 1 <--\
               FREEBSD ROUTER <----> Internet
    Client 2 <--/

    Client 1, although on the same subnet as client 2, cannot directly connect
    to Client 2. This is an underlying restriction of the ATM transport of the
    telco we deal with. No option.

    I want to connect client 1, and client 2. I can create a VPN from client 1
    to central router, and client 2 to central router. In the past, I could not
    route this traffic.

    Are you saying this should be possible now?

    Thanks.

    m/

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

