Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    enc0?

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 3.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JKnottJ
      JKnott
      last edited by

      I checked ifconfig and found an interface I don't recall seeing before. It's enc0 and has a 1536 byte MTU. It does not show up in the pfSense admin interface list. Any idea what it is? Is it related to openVPN? The openVPN tunnel has a 1500 byte MTU so I'm assuming the extra 36 bytes on enc0 might be related to the openVPN header, though that should be 28 bytes. Any ideas?

      enc0: flags=0<> metric 0 mtu 1536
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      groups: enc

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by stephenw10

        enc0 is the IPSec interface. You can pcap on it etc. It's been there as long as I can recall. ๐Ÿ˜‰

        https://www.freebsd.org/cgi/man.cgi?query=enc&apropos=0&sektion=4&manpath=FreeBSD+11.2-RELEASE&arch=default&format=html

        Steve

        JKnottJ 1 Reply Last reply Reply Quote 0
        • JKnottJ
          JKnott @stephenw10
          last edited by

          @stephenw10 said in enc0?:

          enc0 is the IPSec interface. You can pcap on it etc. It's been there as long as I can recall. ๐Ÿ˜‰

          https://www.freebsd.org/cgi/man.cgi?query=enc&apropos=0&sektion=4&manpath=FreeBSD+11.2-RELEASE&arch=default&format=html

          Steve

          So, it's there even if I don't run IPSec? Also, it's still curious that OpenVPN shows 1500 MTU, when it still needs to allow for the header on a network with 1500 MTU. PfSense config shows 1430.

          ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
          options=80000<LINKSTATE>

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          K 1 Reply Last reply Reply Quote 0
          • K
            Konstanti @JKnott
            last edited by Konstanti

            @jknott
            The PFsense kernel is compiled with option "device ENC", so you can see this interface even if you don't use IPSEC. In this case, it is in the state "down".

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.