Re: pf does not pass esp?
On Thu, 21 Mar 2002 10:41:49 -0800
Jason Ish <jason@codemonkey.net> hit the keyboard and punched:
> All IPsec traffic passes over enc0. If you up enc0 then you can dump on
> it and see your encrypted traffic.
Ok, had no clue. How can I bring enc0 up on boot? Maybe just:
# touch /etc/hostname.enc0
?
> Traffic that is coming out of a tunnel appears to come from interface
> enc0.
Thanks, big help!
> > nat on xl1 from 10.0.0.0/24 to any -> 213.88.128.173
> > binat on xl1 from 10.0.0.1 to any -> 213.88.128.161
> >
> > So a rule like
> > binat on enc0 from 10.0.0.1 to any -> 213.88.128.161
> > would help you think? But still, I don't have enc0...
>
> That should do the trick. enc0 is in the GENERIC kernel. Did you
> remove it?
I have a custom kernel, but I do have enc0. It just wasn't up.
Anyways, added a nat rule like that, and what do you know, it
works. Almost. Now the connection is 50% encrypted :-/
tcpdumping on enc0 gives:
20:23:13.246779 (authentic,confidential): SPI 0x1f644dae:
130.236.218.63.1747 > 213.88.128.171.1494: . ack 1681 win 33304
<nop,nop,timestamp 6070771 6142364> (DF) (encap)
while tcpdumping on xl1 gives:
20:23:13.809282 0:10:4b:cf:1f:e0 0:c0:7b:a3:71:b6 0800 66:
213.88.128.171.1494 > 130.236.218.63.1747: . ack 16099 win 16122
<nop,nop,timestamp 6142370 6070827> (DF)
Seems as if the return traffic won't go through the tunnel :-/
--
Rickard
Rickard Borgmäster
doktorn@sub.nu
http://doktorn.sub.nu/
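Added example, not part of the thread: a small Python check over tcpdump lines like the two quoted above, which flags a connection whose one direction shows up decapsulated on enc0 while the reverse direction appears in cleartext on the external interface. The sample lines are constructed from the post with the interface name prepended by hand, and the regex assumes tcpdump's `src.port > dst.port:` notation for TCP/UDP endpoints.

```python
import re

# Constructed sample: the two tcpdump lines quoted in the post, each tagged
# by hand with the interface it was captured on.
SAMPLE = [
    ("enc0", "20:23:13.246779 (authentic,confidential): SPI 0x1f644dae: "
             "130.236.218.63.1747 > 213.88.128.171.1494: . ack 1681 win 33304 (DF) (encap)"),
    ("xl1", "20:23:13.809282 0:10:4b:cf:1f:e0 0:c0:7b:a3:71:b6 0800 66: "
            "213.88.128.171.1494 > 130.236.218.63.1747: . ack 16099 win 16122 (DF)"),
]

# tcpdump prints TCP/UDP endpoints as "a.b.c.d.port > e.f.g.h.port:"; ESP
# packets on the outer interface print as "esp ..." without ports and do not
# match, which is intended: only decrypted or cleartext flows matter here.
FLOW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def parse_direction(iface, line):
    """Return ((src_ip, sport, dst_ip, dport), protected) or None.

    A line counts as IPsec-protected when captured on enc0 (tunnelled traffic
    is decapsulated there) or when tcpdump marked it "(encap)".
    """
    m = FLOW_RE.search(line)
    if m is None:
        return None
    direction = (m.group(1), int(m.group(2)), m.group(3), int(m.group(4)))
    protected = iface.startswith("enc") or "(encap)" in line
    return direction, protected


def leaking_directions(samples):
    """Directions seen in cleartext on a non-enc interface while the reverse
    direction went through the tunnel: the half-encrypted case in the post."""
    protected, cleartext = set(), set()
    for iface, line in samples:
        parsed = parse_direction(iface, line)
        if parsed is None:
            continue
        direction, is_protected = parsed
        (protected if is_protected else cleartext).add(direction)
    leaks = []
    for src, sport, dst, dport in cleartext:
        if (dst, dport, src, sport) in protected:
            leaks.append((src, sport, dst, dport))
    return sorted(leaks)


if __name__ == "__main__":
    for src, sport, dst, dport in leaking_directions(SAMPLE):
        print(f"cleartext reply {src}:{sport} -> {dst}:{dport} bypasses the tunnel")
```

Feed it lines from `tcpdump -n -i enc0` and `tcpdump -n -i xl1` tagged with their interface; a non-empty result is the symptom described in the post, a binat/nat translation that applies in one direction only.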