enc0?

JKnott

I checked ifconfig and found an interface I don't recall seeing before. It's enc0 and has a 1536 byte MTU. It does not show up in the pfSense admin interface list. Any idea what it is? Is it related to openVPN? The openVPN tunnel has a 1500 byte MTU so I'm assuming the extra 36 bytes on enc0 might be related to the openVPN header, though that should be 28 bytes. Any ideas?

enc0: flags=0<> metric 0 mtu 1536
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: enc

stephenw10

enc0 is the IPSec interface. You can pcap on it etc. It's been there as long as I can recall.

https://www.freebsd.org/cgi/man.cgi?query=enc&apropos=0&sektion=4&manpath=FreeBSD+11.2-RELEASE&arch=default&format=html

Steve

JKnott

@stephenw10 said in enc0?:

enc0 is the IPSec interface. You can pcap on it etc. It's been there as long as I can recall.

https://www.freebsd.org/cgi/man.cgi?query=enc&apropos=0&sektion=4&manpath=FreeBSD+11.2-RELEASE&arch=default&format=html

Steve

So, it's there even if I don't run IPSec? Also, it's still curious that OpenVPN shows 1500 MTU, when it still needs to allow for the header on a network with 1500 MTU. PfSense config shows 1430.

ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>

Konstanti

@jknott
The PFsense kernel is compiled with option "device ENC", so you can see this interface even if you don't use IPSEC. In this case, it is in the state "down".