Netgate Discussion Forum

    Firewall rules in ipsec Vpn

    Category: 2.0-RC Snapshot Feedback and Problems - RETIRED
    3 Posts 2 Posters 2.0k Views
    optronic

      hi

      I'm using 1 test box with the latest snapshot 2.0AA and an IPsec tunnel with a Linksys AG241V2 router.
      IPsec works fine, but the firewall rules for IPsec seem not to block any packets from the Linksys.
      Without rules, all traffic is always permitted from the router.
      Using 1.2 I need IPsec rules to permit any traffic from the router.

      Has someone tested this? Maybe I missed something?

      Thanks

      eri--

        Show the output of sysctl -a | grep enc or sysctl -a | grep ipsec

        optronic

          ok

          $ sysctl -a | grep enc
          kern.timecounter.tc.i8254.frequency: 1193182
          kern.timecounter.tc.ACPI-fast.frequency: 3579545
          kern.timecounter.tc.TSC.frequency: 997508645
          net.inet.ip.sendsourcequench: 0
          net.enc.out.ipsec_bpf_mask: 0000000000
          net.enc.out.ipsec_filter_mask: 0x00000002
          net.enc.in.ipsec_bpf_mask: 0000000000
          net.enc.in.ipsec_filter_mask: 0x00000001
          debug.dopersistence: 0
          dev.p4tcc.0.%desc: CPU Frequency Thermal Control

          $ sysctl -a | grep ipsec
          net.inet.ipsec.def_policy: 1
          net.inet.ipsec.esp_trans_deflev: 1
          net.inet.ipsec.esp_net_deflev: 1
          net.inet.ipsec.ah_trans_deflev: 1
          net.inet.ipsec.ah_net_deflev: 1
          net.inet.ipsec.ah_cleartos: 1
          net.inet.ipsec.ah_offsetmask: 0
          net.inet.ipsec.dfbit: 0
          net.inet.ipsec.ecn: 0
          net.inet.ipsec.debug: 0
          net.inet.ipsec.esp_randpad: -1
          net.inet.ipsec.crypto_support: 50331648
          net.inet6.ipsec6.def_policy: 1
          net.inet6.ipsec6.esp_trans_deflev: 1
          net.inet6.ipsec6.esp_net_deflev: 1
          net.inet6.ipsec6.ah_trans_deflev: 1
          net.inet6.ipsec6.ah_net_deflev: 1
          net.inet6.ipsec6.ecn: 0
          net.inet6.ipsec6.debug: 0
          net.inet6.ipsec6.esp_randpad: -1
          net.enc.out.ipsec_bpf_mask: 0000000000
          net.enc.out.ipsec_filter_mask: 0x00000002
          net.enc.in.ipsec_bpf_mask: 0000000000
          net.enc.in.ipsec_filter_mask: 0x00000001

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.