Hello!

� ��-� � ᠡ� ��� ��直� �⠭������ �����⮢ ⨯� android/ios/windows? ���஡���� ࠤ� ��������᪮�� ����� � �ଠ� ���䨣� ipsec.conf, �� ���������� ⮫쪮 �१ psk.
����� ���ਬ�� ���ᮢ뢠�� � ����⢥ ����� � ip ����७���, � ���ந� �����䨪��� )
��� ipsec.conf �� �㯨����� ���� �����樨 � ����� ���� �������� �१ swanctl?
� ࠤ��ᮬ ⮦� �� ��諮, ���� ����⠫ � username.

� ������訬� ��������ﬨ, Sergey Anohin.

--- wfido
* Origin: https://5034.ru/wfido (2:5034/10.1)

14 ﭢ. 2026, �।�, � 16:34 NOVT, Sergey Anohin ����ᠫ(�):

� ��-� � ᠡ� ��� ��直� �⠭������ �����⮢ ⨯� android/ios/windows?
���஡���� ࠤ� ��������᪮�� ����� � �ଠ� ���䨣� ipsec.conf, �� ���������� ⮫쪮 �१ psk.
����� ���ਬ�� ���ᮢ뢠�� � ����⢥ ����� � ip ����७���, � ���ந� �����䨪��� )
��� ipsec.conf �� �㯨����� ���� �����樨 � ����� ���� �������� �१ swanctl?
� ࠤ��ᮬ ⮦� �� ��諮, ���� ����⠫ � username.

��� ࠡ�⠥� � � ࠤ��ᮬ, � ���.

https://dadv.livejournal.com/210154.html https://dadv.dreamwidth.org/196385.html

Eugene
--
H����� �� ��������� �����⠬, � ��᫥������ �� � �ࠢ������ �� ���祭��
� ������. H����� ����஦���� �⭮����� � ����� �뢠��� ��, ��⮬� �� ����� ������� �����砩�� �����.
--- slrn/1.0.3 (FreeBSD)
* Origin: RDTC JSC (2:5006/1@fidonet)

Hello, Eugene!

��� ࠡ�⠥� � � ࠤ��ᮬ, � ���.
https://dadv.livejournal.com/210154.html https://dadv.dreamwidth.org/196385.html

� ������� ��� ����稫 ����� ����� ࠡ���� ���䨣����, ⮫쪮 ���� ���:

1. � ���ந� ������ IPSec �����䨪��� 㯮୮ ����� � Username (�� � ������ ᠬ�� ��� �࠭���� ���� ஢) �� ���ਫ �� ���� �����, ��� ⮫쪮 �� ���⨫ �� �� ����� ����,
� ������ ⠪�� �஡��� ���

2. ��ਯ� �� ᪮�쪮 � ���� �� ���� � ���� �� ������� (��� ������� �ਢ� �⠢���� �� �������� �� ����� 4 ��� �뫮),
� ��饬 � ���� ��ࠡ�⠫ ⠪�� ��ਪ:

#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin

mtu=1400
me=10.10.10.1

case "$PLUTO_VERB" in
up-client)
if [ -n "$PLUTO_REQID" ]; then
ifname=$(ifconfig ipsec create)

ifconfig $ifname group "r${PLUTO_REQID}g"

ifconfig $ifname inet $me "$PLUTO_PEER_SOURCEIP" netmask 255.255.255.255
ifconfig $ifname reqid "$PLUTO_REQID"
ifconfig $ifname mtu $mtu up

route delete $me >/dev/null 2>&1
route add $me -iface $ifname
fi
;;
down-client)
if [ -n "$PLUTO_REQID" ]; then

ifname=$(ifconfig -g "r${PLUTO_REQID}g")
if [ -n "$ifname" ]; then

for i in $ifname; do
ifconfig $i destroy
done
fi

route delete $me >/dev/null 2>&1
fi
;;
esac
exit 0

��� ���䨣 � ⠪�� ����:

connections {
vpn {
version = 2
send_cert = always
pull = 0
dpd_delay = 5
local_addrs = <my ext IP>
pools = radius
proposals = 3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024,aes256-sha256-modp2048,aes256-sha256-modp1024,aes256-sha256-modp4096,default
reauth_time = 0
encap = yes
fragmentation = yes
mobike = yes

local {
auth = pubkey
certs = <cert>
id = fqdn:<domain name>
}

remote {
auth = eap-radius
eap_id = %any
}

children {
roadw-eap {
mode = tunnel
ipcomp = no
copy_df = no
start_action = none
close_action = clear
dpd_action = clear
local_ts = 0.0.0.0/0
remote_ts = dynamic
esp_proposals = 3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024,aes256-sha256-modp2048,aes256-sha256-modp1024,aes256-sha256-modp4096,default
rekey_time = 0
updown = /usr/local/etc/swanctl/conf.d/updown.sh
}
}
}
}

pools {
radius {
addrs = 10.10.10.2-10.10.10.254
dns = 10.10.10.1, 8.8.8.8, 1.1.1.1
}
}


���� ࠤ��� �����:
eap-radius {
eap_start = no
load = yes
forward_identity = yes
servers {
radius {
address = 127.0.0.1
secret = <secret>
auth_port = 1812
acct_port = 1813
retransmit_base = 1.0
retransmit_tries = 5
sockets = 5
nas_identifier = <fqdn>
}
}
}

ࠤ��� ����� mschap:
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
winbind = yes
ntlm_auth = "/usr/local/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{mschap:User-Name}:-%{%{User-Name}:-None}}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
ntlm_auth_timeout = 10
with_ntdomain_hack = yes

pool {
start = ${thread[pool].start_servers}
min = ${thread[pool].min_spare_servers}
max = ${thread[pool].max_servers}
spare = ${thread[pool].max_spare_servers}
uses = 0
retry_delay = 10
lifetime = 86400
cleanup_interval = 300
idle_timeout = 600
}

}


� ������訬� ��������ﬨ, Sergey Anohin.

--- wfido
* Origin: https://5034.ru/wfido (2:5034/10.1)

23 ﭢ. 2026, ��⭨�, � 12:55 NOVT, Sergey Anohin ����ᠫ(�):

2. ��ਯ� �� ᪮�쪮 � ���� �� ���� � ���� �� ������� (��� ������� �ਢ�
�⠢���� �� �������� �� ����� 4 ��� �뫮),

��ਯ� ࠡ�稩, �� ���� ��७��� ��ப ���ࠢ��쭮 �ய�ᠫ.

� ��饬 � ���� ��ࠡ�⠫ ⠪�� ��ਪ:
#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin
mtu=1400
me=10.10.10.1
case "$PLUTO_VERB" in
up-client)
if [ -n "$PLUTO_REQID" ]; then
ifname=$(ifconfig ipsec create)
ifconfig $ifname group "r${PLUTO_REQID}g"
ifconfig $ifname inet $me "$PLUTO_PEER_SOURCEIP" netmask 255.255.255.255

H����祭�� IP ��⮬���᪨ �������� up, ���⮬� ��ன up ���� ��譨�.

ifconfig $ifname reqid "$PLUTO_REQID"
ifconfig $ifname mtu $mtu up

����� mtu ��᫥ ��⠭������� IP ����� �ਢ����� � �஡�����,
��७�� ᬥ�� mtu ���� � ���� ������� � �����祭��� IP,
���� ���� ��� �����祭�� IP.

route delete $me >/dev/null 2>&1
route add $me -iface $ifname

��� �� ������⭮ �� �������. H�䨣� �� 㤠����
������� �� IP-���� ᠬ��� �ࢥ�? H�䨣� ��
��ᮢ뢠��� ⠪�� ������� � ������᪨� ����䥩�?
H�祣� �⮣� �� �㦭� � ���� �����᫥��� �� � �।��.

Eugene
--- slrn/1.0.3 (FreeBSD)
* Origin: RDTC JSC (2:5006/1@fidonet)

Hello, Eugene!

��ਯ� ࠡ�稩, �� ���� ��७��� ��ப ���ࠢ��쭮 �ய�ᠫ.

����� �㤥� ���ᬮ���� �� ���㣥

route delete $me >/dev/null 2>&1
route add $me -iface $ifname

��� �� ������⭮ �� �������. H�䨣� �� 㤠����
������� �� IP-���� ᠬ��� �ࢥ�? H�䨣� ��
��ᮢ뢠��� ⠪�� ������� � ������᪨� ����䥩�?
H�祣� �⮣� �� �㦭� � ���� �����᫥��� �� � �।��.

�� �ਯ⮬ �� ���� (� �ਯ� � ���� me=10.10.10.1):

ipsec0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1460
description: ikev2: <IPSEC id> 10.10.10.2 <vpn-server-ext-ip> <vpn-client-ext-ip>
tunnel inet <vpn-server-ext-ip> --> <vpn-client-ext-ip>
inet 10.10.10.1 --> 10.10.10.2 netmask 0xffffffff
groups: ipsec r1g
reqid: 1
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Routing tables

Internet:
Destination Gateway Flags Netif Expire
[��१���]
10.10.10.1 link#12 UHS lo0
10.10.10.2 link#12 UH ipsec0
[��१���]



� ������訬� ��������ﬨ, Sergey Anohin.

--- wfido
* Origin: https://5034.ru/wfido (2:5034/10.1)

Hello, Eugene!

route delete $me >/dev/null 2>&1
route add $me -iface $ifname

��� �� ������⭮ �� �������. H�䨣� �� 㤠����
������� �� IP-���� ᠬ��� �ࢥ�? H�䨣� ��
��ᮢ뢠��� ⠪�� ������� � ������᪨� ����䥩�?
H�祣� �⮣� �� �㦭� � ���� �����᫥��� �� � �।��.

���⪨� ����� ��, ᯠᨡ� �� ����砭��, ���ࠢ��!

� ���� ��砥 ��蠥� ��ப�:
tunnel "$PLUTO_ME" "$PLUTO_PEER"

��� �⮣� ࠡ�⠥�

#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin

mtu=1400
me=10.10.10.1

case "$PLUTO_VERB" in
up-client)
if [ -n "$PLUTO_REQID" ]; then
ifname=$(ifconfig ipsec create)
ifconfig $ifname group "r${PLUTO_REQID}g"
ifconfig $ifname inet $me "$PLUTO_PEER_SOURCEIP" netmask 255.255.255.255 reqid "$PLUTO_REQID" mtu $mtu
fi
;;
down-client)
if [ -n "$PLUTO_REQID" ]; then
ifname=$(ifconfig -g "r${PLUTO_REQID}g")
if [ -n "$ifname" ]; then
for i in $ifname; do
ifconfig $i destroy
done
fi
fi
;;
esac
exit 0




� ������訬� ��������ﬨ, Sergey Anohin.

--- wfido
* Origin: https://5034.ru/wfido (2:5034/10.1)

Hello, Eugene!

��ਯ� ࠡ�稩, �� ���� ��७��� ��ப ���ࠢ��쭮 �ய�ᠫ.

�⮣�, � ���� ���� �ਯ� ���:

https://dadv.livejournal.com/210154.html

ࠡ�稩, �� �᫨ ����:

tunnel "$PLUTO_ME" "$PLUTO_PEER"

�������� � ���� ᯥ���᪠� ���䨣���� �����-�.
� ���� ���譨� IP ����������� ����䥩� ng0 �१ mpd5 � pppoe.

�᫨ ��� tunnel �
#setkey -DP
10.10.10.2[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/<ext-vpn-client-ip>-<ext-vpn-server-ip>/unique:1
created: Jan 27 22:36:37 2026 lastused: Jan 27 22:36:52 2026
lifetime: 9223372036854775807(s) validtime: 0(s)
spid=537 seq=1 pid=44426 scope=global
refcnt=3
0.0.0.0/0[any] 10.10.10.2[any] any
out ipsec
esp/tunnel/<ext-vpn-server-ip>-<ext-vpn-client-ip>/unique:1
created: Jan 27 22:36:37 2026 lastused: Jan 27 22:36:48 2026
lifetime: 9223372036854775807(s) validtime: 0(s)
spid=538 seq=0 pid=44426 scope=global
refcnt=3

�᫨ � tunnel, �

# setkey -DP
10.10.10.2[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/<ext-vpn-client-ip>-<ext-vpn-server-ip>/unique:1
created: Jan 27 22:38:15 2026 lastused: Jan 27 22:38:16 2026
lifetime: 9223372036854775807(s) validtime: 0(s)
spid=539 seq=5 pid=45069 scope=global
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/<ext-vpn-client-ip>-<ext-vpn-server-ip>/unique:1
spid=545 seq=4 pid=45069 scope=ifnet ifname=ipsec0
refcnt=1
::/0[any] ::/0[any] any
in ipsec
esp/tunnel/<ext-vpn-client-ip>-<ext-vpn-server-ip>/unique:1
spid=547 seq=3 pid=45069 scope=ifnet ifname=ipsec0
refcnt=1
0.0.0.0/0[any] 10.10.10.2[any] any
out ipsec
esp/tunnel/<ext-vpn-server-ip>-<ext-vpn-client-ip>/unique:1
created: Jan 27 22:38:15 2026 lastused: Jan 27 22:38:15 2026
lifetime: 9223372036854775807(s) validtime: 0(s)
spid=540 seq=2 pid=45069 scope=global
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out ipsec
esp/tunnel/<ext-vpn-server-ip>-<ext-vpn-client-ip>/unique:1
spid=546 seq=1 pid=45069 scope=ifnet ifname=ipsec0
refcnt=1
::/0[any] ::/0[any] any
out ipsec
esp/tunnel/<ext-vpn-server-ip>-<ext-vpn-client-ip>/unique:1
spid=548 seq=0 pid=45069 scope=ifnet ifname=ipsec0
refcnt=1

� tunnel ��䨪 �� 室��.

� ������訬� ��������ﬨ, Sergey Anohin.

--- wfido
* Origin: https://5034.ru/wfido (2:5034/10.1)

27 ﭢ. 2026, ��୨�, � 22:44 NOVT, Sergey Anohin ����ᠫ(�):

[skip]

� tunnel ��䨪 �� 室��.

� /etc/sysctl.conf ������:

net.key.preferred_oldsa=0
net.inet.ipsec.filtertunnel=1

� ���� ��१���㧨��, ���� 㤠�� �� ����⨪� ���������:
setkey -F; setkey -FP

Eugene
--
����� - ����� �. � ��� �� ��⮥.
--- slrn/1.0.3 (FreeBSD)
* Origin: RDTC JSC (2:5006/1@fidonet)

Hello, Eugene!

� tunnel ��䨪 �� 室��.

� /etc/sysctl.conf ������:
net.key.preferred_oldsa=0
net.inet.ipsec.filtertunnel=1
� ���� ��१���㧨��, ���� 㤠�� �� ����⨪� ���������:
setkey -F; setkey -FP

# sysctl net.key.preferred_oldsa=0
net.key.preferred_oldsa: 1 -> 0
# sysctl net.inet.ipsec.filtertunnel=1
net.inet.ipsec.filtertunnel: 0 -> 1

# setkey -F; setkey -FP
# setkey -D
No SAD entries.
# setkey -DP
No SPD entries.

��᫥ ������祭��:

ipsec0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1400
description: ikev2: <IPSEC ID> 10.10.10.2 <ext-server IP> <ext client IP>
tunnel inet <ext-server IP> --> <ext client IP>
inet 10.10.10.1 --> 10.10.10.2 netmask 0xffffffff
groups: ipsec r1g
reqid: 1
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

# netstat -nr
Routing tables
Internet:
Destination Gateway Flags Netif Expire
[skip]
10.10.10.1 link#12 UHS lo0
10.10.10.2 link#12 UH ipsec0
[skip]

# setkey -DP
10.10.10.2[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/<ext client IP>-<ext-server IP>/unique:1
created: Feb 4 15:13:15 2026 lastused: Feb 4 15:13:20 2026
lifetime: 9223372036854775807(s) validtime: 0(s)
spid=42 seq=5 pid=78425 scope=global
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/<ext client IP>-<ext-server IP>/unique:1
spid=48 seq=4 pid=78425 scope=ifnet ifname=ipsec0
refcnt=1
::/0[any] ::/0[any] any
in ipsec
esp/tunnel/<ext client IP>-<ext-server IP>/unique:1
spid=50 seq=3 pid=78425 scope=ifnet ifname=ipsec0
refcnt=1
0.0.0.0/0[any] 10.10.10.2[any] any
out ipsec
esp/tunnel/<ext-server IP>-<ext client IP>/unique:1
created: Feb 4 15:13:15 2026 lastused: Feb 4 15:13:15 2026
lifetime: 9223372036854775807(s) validtime: 0(s)
spid=43 seq=2 pid=78425 scope=global
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out ipsec
esp/tunnel/<ext-server IP>-<ext client IP>/unique:1
spid=49 seq=1 pid=78425 scope=ifnet ifname=ipsec0
refcnt=1
::/0[any] ::/0[any] any
out ipsec
esp/tunnel/<ext-server IP>-<ext client IP>/unique:1
spid=51 seq=0 pid=78425 scope=ifnet ifname=ipsec0
refcnt=1
# setkey -D
<ext-server IP>[4500] <ext client IP>[2179]
esp-udp mode=tunnel spi=2110722774(0x7dcf12d6) reqid=1(0x00000001)
E: aes-cbc d477e360 96a42912 374872ac 118bf3b7
A: hmac-sha2-256 982be6e5 0fb787e1 534b06a2 0316c79d 8d36780a 68e44803 835cf57a b210151a
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Feb 4 15:13:15 2026 current: Feb 4 15:13:26 2026
diff: 11(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=78460 refcnt=1
<ext client IP>[2179] <ext-server IP>[4500]
esp-udp mode=tunnel spi=3302333642(0xc4d59cca) reqid=1(0x00000001)
E: aes-cbc f4bcdd87 9df6c238 27e46a23 ad8c3c65
A: hmac-sha2-256 8415e870 1da5143a fdf6578a bfec9da5 2b034c10 8fc43f04 a27661f4 92731653
seq=0x00000023 replay=4 flags=0x00000000 state=mature
created: Feb 4 15:13:15 2026 current: Feb 4 15:13:26 2026
diff: 11(s) hard: 0(s) soft: 0(s)
last: Feb 4 15:13:15 2026 hard: 0(s) soft: 0(s)
current: 9444(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 35 hard: 0 soft: 0
sadb_seq=0 pid=78460 refcnt=1



� ����� �� ���� �� 10.10.10.2

���-� � ����砫 �� ������� ���������� ��ᠫ� ��-�. �� �� �����-� ������ ���� ���ᨨ ��?

FreeBSD server.5034.ru 13.2-RELEASE-p9 FreeBSD 13.2-RELEASE-p9 releng/13.2-c78c31d2e SERVER amd64

�᫨ ��� ��樨 tunnel

# setkey -D
<ext-server IP>[4500] <ext-client IP>[2234]
esp-udp mode=tunnel spi=634435229(0x25d0b69d) reqid=1(0x00000001)
E: aes-cbc 179659a9 7fcbe14f 98cd2176 cca6b455
A: hmac-sha2-256 eef7520e aa527d40 287e73a9 5fc3e980 bea5285c 95f90992 4b40dbd8 67d0b2a3
seq=0x0000003a replay=0 flags=0x00000000 state=mature
created: Feb 4 15:22:23 2026 current: Feb 4 15:22:27 2026
diff: 4(s) hard: 0(s) soft: 0(s)
last: Feb 4 15:22:23 2026 hard: 0(s) soft: 0(s)
current: 29800(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 58 hard: 0 soft: 0
sadb_seq=1 pid=83828 refcnt=1
<ext-client IP>[2234] <ext-server IP>[4500]
esp-udp mode=tunnel spi=3449724873(0xcd9e9fc9) reqid=1(0x00000001)
E: aes-cbc ba750ccd 221efd45 ae3200ce 26891904
A: hmac-sha2-256 92a7b3cb a2a5bb75 9a23591f 90c46044 a05e54f2 7982f038 4f89aec8 dbc265c9
seq=0x00000045 replay=4 flags=0x00000000 state=mature
created: Feb 4 15:22:23 2026 current: Feb 4 15:22:27 2026
diff: 4(s) hard: 0(s) soft: 0(s)
last: Feb 4 15:22:23 2026 hard: 0(s) soft: 0(s)
current: 9257(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 69 hard: 0 soft: 0
sadb_seq=0 pid=83828 refcnt=1
# setkey -DP
10.10.10.2[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/<ext-client IP>-<ext-server IP>/unique:1
created: Feb 4 15:22:23 2026 lastused: Feb 4 15:22:24 2026
lifetime: 9223372036854775807(s) validtime: 0(s)
spid=62 seq=1 pid=83836 scope=global
refcnt=1
0.0.0.0/0[any] 10.10.10.2[any] any
out ipsec
esp/tunnel/<ext-server IP>-<ext-client IP>/unique:1
created: Feb 4 15:22:23 2026 lastused: Feb 4 15:22:24 2026
lifetime: 9223372036854775807(s) validtime: 0(s)
spid=63 seq=0 pid=83836 scope=global
refcnt=1

� ��� 室��

� ������訬� ��������ﬨ, Sergey Anohin.

--- wfido
* Origin: https://5034.ru/wfido (2:5034/10.1)

04 䥢�. 2026, �।�, � 15:26 NOVT, Sergey Anohin ����ᠫ(�):

���-� � ����砫 �� ������� ���������� ��ᠫ� ��-�. �� �� �����-� ������ ���� ���ᨨ ��?
FreeBSD server.5034.ru 13.2-RELEASE-p9 FreeBSD 13.2-RELEASE-p9 releng/13.2-c78c31d2e SERVER amd64

H� �᪫�祭�, ����� �����-����� EoL � ���� �� �⠭��
ࠧ�������, �� ⠬ � ��� �뫮 �� �����. �������� ��� ������ �� 13.5,
��� � �� ���� ��⠫��� �������. ����� 祬 �१ ����� �멤�� 14.4,
⨯� ����.

Eugene
--
� �祭� 㯮�������� ���祭���� ᫮��, ���ண� �����騪 ���⠢�� ��। �ॣࠤ��. �� �������� ᨫ�� ࠧ㬠, ��� ᫮� --- ᨫ�� ����, ���稭���� �ਪ���. �� �����砩�� 㤮���: �祭� ��뭥 ��⮢ �� ��, ⠪ ��� �� ��
�� 㦥 �� �⢥砥�.
--- slrn/1.0.3 (FreeBSD)
* Origin: RDTC JSC (2:5006/1@fidonet)

Hello, Eugene!

H� �᪫�祭�, ����� �����-����� EoL � ���� �� �⠭��
ࠧ�������, �� ⠬ � ��� �뫮 �� �����. �������� ��� ������ �� 13.5, ��� � �� ���� ��⠫��� �������. ����� 祬 �१ ����� �멤�� 14.4,
⨯� ����.

��� ����� � ������, ���� �⥫ �� 13�� latest, ��⮬ ��룭��� �� 14. ���� �த� ��� � �� ᮡ࠭� �뫮, �� 㦥 �� �����, ��� ���ᮡ���.
� �㭤����⠫쭮, �� ���� ���� tunnel? � ⮬ ����� �᫨ � ��� ��� ࠡ�⠥�. ��� ⨯� ������ ���� �������? ��� ��� �� ������ ࠡ����?

� ������訬� ��������ﬨ, Sergey Anohin.

--- wfido
* Origin: https://5034.ru/wfido (2:5034/10.1)

09 䥢�. 2026, �������쭨�, � 12:12 NOVT, Sergey Anohin ����ᠫ(�):

� �㭤����⠫쭮, �� ���� ���� tunnel? � ⮬ ����� �᫨ � ��� ��� ࠡ�⠥�.
��� ⨯� ������ ���� �������? ��� ��� �� ������ ࠡ����?

�� man ipsec:

To properly filter on the inner packets of an ipsec tunnel with
firewalls, you can change the values of the following sysctls

Name Default Enable
net.inet.ipsec.filtertunnel 0 1
net.inet6.ipsec6.filtertunnel 0 1

�ᯥ譮 ����஢���� �室�騥 ������ �� ��䮫�� �������
����७�묨 � �� �ய�᪠���� �१ ������ 䨫����,
� ���⠢������ �ࠧ�. ��४��祭�� filtertunnel � 1 ����砥�
䨫����� ⠪�� �室��� ����⮢ ��᫥ ����஢��.

Eugene
--
�४��� ⮭�� ��諨䮢����� �ࠣ�業�����; ������⥫�, ࠭���� � ���;
᫮� �� �६� �窨; ४�, �������� �����; �㭠 �� ��室�; � ���騭�, ����७��� ��᫠�������, � ���⥫�, �⤠�訩 �� ��騬. (��ଠ)
--- slrn/1.0.3 (FreeBSD)
* Origin: RDTC JSC (2:5006/1@fidonet)

09 䥢�. 2026, �������쭨�, � 12:12 NOVT, Sergey Anohin ����ᠫ(�):

� �㭤����⠫쭮, �� ���� ���� tunnel? � ⮬ ����� �᫨ � ��� ��� ࠡ�⠥�.
��� ⨯� ������ ���� �������? ��� ��� �� ������ ࠡ����?

� �᫨ �� �� ����ன�� tunnel ����䥩� ipsecX,
� ��� �室�饣� ��䨪� ��� ��।����, �१ �����
�� ⠪�� ����䥩ᮢ ��䨪 �㤥� "�室���", ��� tcpdump,
��� ipfw, ��� ���稪�� ࠧ���.

Eugene
--
����� - ����� �. � ��� �� ��⮥.
--- slrn/1.0.3 (FreeBSD)
* Origin: RDTC JSC (2:5006/1@fidonet)

Hello, Eugene!

� �᫨ �� �� ����ன�� tunnel ����䥩� ipsecX,
� ��� �室�饣� ��䨪� ��� ��।����, �१ �����
�� ⠪�� ����䥩ᮢ ��䨪 �㤥� "�室���", ��� tcpdump,
��� ipfw, ��� ���稪�� ࠧ���.

��, �� ⠪, ��� ��樨 tunnel ��䨪 �� ������ � tcpdump �� ipsec0, �� �� 室��.
��᫥ ���������� ��� ᬮ���� �� ⠬, ���� �� � ���� ⮫쪮 �� ����⨪� setkey �⫨����� � tunnel � ���.

� ������訬� ��������ﬨ, Sergey Anohin.

--- wfido
* Origin: https://5034.ru/wfido (2:5034/10.1)