Filtering of VTI Traffic

Started by 8191, September 07, 2024, 08:24:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 07, 2024, 08:24:11 PM
I have following sysctl values set:

Code Select

net.inet.ipsec.filtertunnel: 0
net.enc.in.ipsec_filter_mask: 2
net.enc.out.ipsec_filter_mask: 1


When filtering on enc0, traffic filtering does not apply. When filtering on a ipsecXYZ device (i.e. VTI device), filtering applies. This behaviour seems to be different from 24.1 and also different than described in https://docs.opnsense.org/manual/vpnet.html#route-based-vti.
Is this an intentional change, or are there other settings which might have an impact here?
Print
Go Up Pages1
User actions