Summary: | enc0 needs to be up if kernel has it | ||
---|---|---|---|
Product: | Base System | Reporter: | emz |
Component: | kern | Assignee: | freebsd-net (Nobody) <net> |
Status: | New --- | ||
Severity: | Affects Only Me | CC: | pi, re |
Priority: | --- | Keywords: | regression |
Version: | 10.2-BETA1 | ||
Hardware: | Any | ||
OS: | Any |
Description
emz
2015-07-15 07:15:44 UTC
After investigation I discovered the following: - now enc0 needs to be up when processing ipsec, if kernel has it - net.enc.out.ipsec_filter_mask and net.enc.in.ipsec_filter_mask default to 1, so the ipsec packets go through firewall - (irrelevant, but still an error) I have "set skip on enc0" in pf.rules file, but upon loading rules I cannot see any occurrences of enc0 in pfctl -vvvs rules. Follow-up: and man 4 enc doesn't mention it. At least I fail to notice the exact place where it says so. |