Firewall rules in IPsec VPN
-
Hi,
I'm using one test box with the latest snapshot, 2.0AA, and an IPsec tunnel to a Linksys AG241V2 router.
IPsec works fine, but the firewall rules for IPsec do not seem to block any packets from the Linksys.
Without rules, all traffic from the router is always permitted.
Using 1.2, I need IPsec rules to permit any traffic from the router. Has anyone tested this? Maybe I missed something?
Thanks
-
Show the output of sysctl -a | grep enc or sysctl -a | grep ipsec
-
ok
$ sysctl -a | grep enc
kern.timecounter.tc.i8254.frequency: 1193182
kern.timecounter.tc.ACPI-fast.frequency: 3579545
kern.timecounter.tc.TSC.frequency: 997508645
net.inet.ip.sendsourcequench: 0
net.enc.out.ipsec_bpf_mask: 0000000000
net.enc.out.ipsec_filter_mask: 0x00000002
net.enc.in.ipsec_bpf_mask: 0000000000
net.enc.in.ipsec_filter_mask: 0x00000001
debug.dopersistence: 0
dev.p4tcc.0.%desc: CPU Frequency Thermal Control
$ sysctl -a | grep ipsec
net.inet.ipsec.def_policy: 1
net.inet.ipsec.esp_trans_deflev: 1
net.inet.ipsec.esp_net_deflev: 1
net.inet.ipsec.ah_trans_deflev: 1
net.inet.ipsec.ah_net_deflev: 1
net.inet.ipsec.ah_cleartos: 1
net.inet.ipsec.ah_offsetmask: 0
net.inet.ipsec.dfbit: 0
net.inet.ipsec.ecn: 0
net.inet.ipsec.debug: 0
net.inet.ipsec.esp_randpad: -1
net.inet.ipsec.crypto_support: 50331648
net.inet6.ipsec6.def_policy: 1
net.inet6.ipsec6.esp_trans_deflev: 1
net.inet6.ipsec6.esp_net_deflev: 1
net.inet6.ipsec6.ah_trans_deflev: 1
net.inet6.ipsec6.ah_net_deflev: 1
net.inet6.ipsec6.ecn: 0
net.inet6.ipsec6.debug: 0
net.inet6.ipsec6.esp_randpad: -1
net.enc.out.ipsec_bpf_mask: 0000000000
net.enc.out.ipsec_filter_mask: 0x00000002
net.enc.in.ipsec_bpf_mask: 0000000000
net.enc.in.ipsec_filter_mask: 0x00000001
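The four net.enc.* values in the output above are bit masks, and reading them by hand is where a diagnosis like this usually goes wrong. The following is an added example, not code from the thread or from pfSense: a small POSIX sh script that decodes those masks. It assumes the bit meanings documented for FreeBSD's enc(4) (0x1 = hook before IPsec processing, 0x2 = hook after) and that a mask of zero means the enc0 hook is never called for that direction; the function names (decode_mask, enc_report, enc_warnings) and the embedded SAMPLE are my own, with SAMPLE copied from the values posted above.

```shell
#!/bin/sh
# Added example, not part of the thread: decode the net.enc.* masks shown in
# the sysctl output above. Bit meanings are those of FreeBSD's enc(4):
#   0x1 = hook (pfil filter or bpf tap) before IPsec processing
#   0x2 = hook after IPsec processing
# A mask of 0 means enc0 is never handed the packet in that direction, so
# neither firewall rules nor tcpdump on enc0 can see it.

# Constructed sample in the shape of the poster's output (values as posted).
SAMPLE='net.enc.out.ipsec_bpf_mask: 0000000000
net.enc.out.ipsec_filter_mask: 0x00000002
net.enc.in.ipsec_bpf_mask: 0000000000
net.enc.in.ipsec_filter_mask: 0x00000001'

# decode_mask VALUE -> "none", "before", "after" or "before+after"
decode_mask() {
    v=$(( $1 ))          # arithmetic expansion accepts 0x... and plain decimal
    out=""
    if [ $(( v & 1 )) -ne 0 ]; then out="before"; fi
    if [ $(( v & 2 )) -ne 0 ]; then out="${out:+$out+}after"; fi
    printf '%s\n' "${out:-none}"
}

# enc_report [FILE...] -> "<oid> <raw value> <decoded>" per net.enc sysctl,
# read from FILE(s) or stdin (e.g. piped from: sysctl net.enc)
enc_report() {
    cat -- "$@" | grep '^net\.enc\.' | while read -r oid val; do
        printf '%s %s %s\n' "${oid%:}" "$val" "$(decode_mask "$val")"
    done
}

# enc_warnings [FILE...] -> one WARNING line per mask that is zero
enc_warnings() {
    enc_report "$@" | while read -r oid val decoded; do
        if [ "$decoded" = none ]; then
            printf 'WARNING: %s = %s, enc0 never sees this direction\n' "$oid" "$val"
        fi
    done
}

# Run against the sample; on a FreeBSD/pfSense box use: sysctl net.enc | enc_report
printf '%s\n' "$SAMPLE" | enc_report
printf '%s\n' "$SAMPLE" | enc_warnings
```

For the values posted above the report shows the outbound filter hook only after IPsec processing, the inbound filter hook only before it, and both bpf masks at zero, which is why a tcpdump on enc0 on that box would show nothing even while the tunnel carries traffic. Which bits pfSense needs set for its IPsec tab rules to match is not something the thread establishes, so the script only reports what the kernel will and will not hand to the firewall.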