On 10/01/2017 01:27 PM, Jason Timmins wrote: > Hi Tom, > > This trace file is a bit longer than I'd have liked but you should be able to > find references to my machine, 10.1.4.41, trying to ping 8.8.8.8. >
Okay -- you have no IPSEC policy covering these packets. What appears to be happening is that once they get through the routing stage of the IP stack flow, they are no longer processed by Netfilter (possibly because they match neither 'pol ipsec' nor 'pol none'). As my own IPSEC foo is rather weak, my attempts to produce a working IPSEC policy configuration for this case have all failed. Regards, -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
