[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf does not pass esp?

To: misc@openbsd.org
Subject: Re: pf does not pass esp?
From: Rickard Borgmäster <doktorn@realworld.nu>
Date: Thu, 21 Mar 2002 00:50:03 +0100
References: <20020320232134.156bc882.doktorn@realworld.nu> <20020320144237.D14752@syn.codemonkey.net>

On Wed, 20 Mar 2002 14:42:37 -0800
Jason Ish <jason@codemonkey.net> hit the keyboard and punched:

> On Wed, Mar 20, 2002 at 11:21:34PM +0100, Rickard Borgmäster wrote:
> > I've read it here, several times. PF on -stables cannot pass esp
> > packets, while -current can.
> 
> PF will pass ESP, it just won't NAT ESP.  You need -current if you want
> ESP traffic to be NAT'd.

Hmm, okay.

Does this mean, that I cannot use ESP on a machine located behind the
OpenBSD PF firewall?

-- 

Rickard

                                               .--.        .--.
.----------------------------------------.     |  |        |  | .-.
|           Rickard Borgmäster           |     |  |        |  |/  /
|             doktorn@sub.nu             |   .-^  |  .--.  |     <
|         http://doktorn.sub.nu/         |  (  o  | ( () ) |  |\  \
`----------------------------------------'  `-----'  `--'  `--' `--'

Follow-Ups:
- Re: pf does not pass esp?
  - From: "Arvid Grøtting" <arvidg@netfonds.no>

References:
- pf does not pass esp?
  - From: Rickard Borgmäster <doktorn@realworld.nu>
- Re: pf does not pass esp?
  - From: Jason Ish <jason@codemonkey.net>

Prev by Date: Re: pf blocks ACK response
Next by Date: Re: pf blocks ACK response
Prev by thread: Re: pf does not pass esp?
Next by thread: Re: pf does not pass esp?
Index(es):
- Date
- Thread