Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    enc0?

    General pfSense Questions
    3
    4
    168
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JKnott
      JKnott last edited by

      I checked ifconfig and found an interface I don't recall seeing before. It's enc0 and has a 1536 byte MTU. It does not show up in the pfSense admin interface list. Any idea what it is? Is it related to openVPN? The openVPN tunnel has a 1500 byte MTU so I'm assuming the extra 36 bytes on enc0 might be related to the openVPN header, though that should be 28 bytes. Any ideas?

      enc0: flags=0<> metric 0 mtu 1536
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      groups: enc

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by stephenw10

        enc0 is the IPSec interface. You can pcap on it etc. It's been there as long as I can recall. ๐Ÿ˜‰

        https://www.freebsd.org/cgi/man.cgi?query=enc&apropos=0&sektion=4&manpath=FreeBSD+11.2-RELEASE&arch=default&format=html

        Steve

        JKnott 1 Reply Last reply Reply Quote 0
        • JKnott
          JKnott @stephenw10 last edited by

          @stephenw10 said in enc0?:

          enc0 is the IPSec interface. You can pcap on it etc. It's been there as long as I can recall. ๐Ÿ˜‰

          https://www.freebsd.org/cgi/man.cgi?query=enc&apropos=0&sektion=4&manpath=FreeBSD+11.2-RELEASE&arch=default&format=html

          Steve

          So, it's there even if I don't run IPSec? Also, it's still curious that OpenVPN shows 1500 MTU, when it still needs to allow for the header on a network with 1500 MTU. PfSense config shows 1430.

          ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
          options=80000<LINKSTATE>

          K 1 Reply Last reply Reply Quote 0
          • K
            Konstanti @JKnott last edited by Konstanti

            @jknott
            The PFsense kernel is compiled with option "device ENC", so you can see this interface even if you don't use IPSEC. In this case, it is in the state "down".

            1 Reply Last reply Reply Quote 0

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy