26.09.2021 10:12, Peter Jeremy wrote:
> I'm confident that the last point is because the IPSEC processing preceeds
> the pfil processing on outbound packets, so they aren't seen as eligible
> because IPSEC is seeing the internal, rather than external, address.
I found it much suitable to keep IPS
Thanks for all the responses, they provided useful pointers. I've
discovered that the problem was at least partially my misunderstanding
of the way iked works (and my failure to mention some important
differences between my working and non-working configurations).
Note that I'm trying to configur
25.09.2021 03:31, Eugene Grosbein пишет:
> I know three main reasons that may prevent firewall+IPSec from working as
> expected:
>
> 1) for incoming packets: kernel could drop incoming packet withing ipsec code
> incrementing one of counters shown with "netstat -sp ipsec" command,
> so you should
I'm trying to setup an IPSEC transport connection between my home and
one of my VPS hosts. I can successfully setup an IPv6 connection from
an internal host to the VPS but can't setup an IPv4 connection from my
firewall to that host. I'm using openiked-portable in esp transport
mode using psk (at
CC'ing more knowledgeable developers.
25.09.2021 6:03, Peter Jeremy wrote:
> I don't understand:
> a) Why outgoing ICMP packets from firewall to VPS aren't going through
>the IPSEC transport.
> b) Why firewall is ignoring incoming IPSEC esp packets.
>
> Is anyone able to help?
I know three
Em 2021-09-24 20:03, Peter Jeremy escreveu:
I'm trying to setup an IPSEC transport connection between my home and
one of my VPS hosts. I can successfully setup an IPv6 connection from
an internal host to the VPS but can't setup an IPv4 connection from my
firewall to that host. I'm using openike
On Fri, Sep 24, 2021 at 4:04 PM Peter Jeremy wrote:
>
> IPSEC doesn't work through NAT
>
Did NAT-T stop working?
