Firewall rules in IPsec VPN



  • Hi,

    I'm using one test box with the latest snapshot 2.0AA and an IPsec tunnel to a Linksys AG241V2 router.
    IPsec works fine, but the firewall rules for IPsec seem not to block any packets from the Linksys.
    Without rules, all traffic from the router is always permitted.
    Using 1.2, I need IPsec rules to permit any traffic from the router.

    Has someone tested this? Maybe I missed something?

    Thanks



  • Show the output of sysctl -a | grep enc or sysctl -a | grep ipsec.



  • OK

    $ sysctl -a | grep enc
    kern.timecounter.tc.i8254.frequency: 1193182
    kern.timecounter.tc.ACPI-fast.frequency: 3579545
    kern.timecounter.tc.TSC.frequency: 997508645
    net.inet.ip.sendsourcequench: 0
    net.enc.out.ipsec_bpf_mask: 0000000000
    net.enc.out.ipsec_filter_mask: 0x00000002
    net.enc.in.ipsec_bpf_mask: 0000000000
    net.enc.in.ipsec_filter_mask: 0x00000001
    debug.dopersistence: 0
    dev.p4tcc.0.%desc: CPU Frequency Thermal Control

    $ sysctl -a | grep ipsec
    net.inet.ipsec.def_policy: 1
    net.inet.ipsec.esp_trans_deflev: 1
    net.inet.ipsec.esp_net_deflev: 1
    net.inet.ipsec.ah_trans_deflev: 1
    net.inet.ipsec.ah_net_deflev: 1
    net.inet.ipsec.ah_cleartos: 1
    net.inet.ipsec.ah_offsetmask: 0
    net.inet.ipsec.dfbit: 0
    net.inet.ipsec.ecn: 0
    net.inet.ipsec.debug: 0
    net.inet.ipsec.esp_randpad: -1
    net.inet.ipsec.crypto_support: 50331648
    net.inet6.ipsec6.def_policy: 1
    net.inet6.ipsec6.esp_trans_deflev: 1
    net.inet6.ipsec6.esp_net_deflev: 1
    net.inet6.ipsec6.ah_trans_deflev: 1
    net.inet6.ipsec6.ah_net_deflev: 1
    net.inet6.ipsec6.ecn: 0
    net.inet6.ipsec6.debug: 0
    net.inet6.ipsec6.esp_randpad: -1
    net.enc.out.ipsec_bpf_mask: 0000000000
    net.enc.out.ipsec_filter_mask: 0x00000002
    net.enc.in.ipsec_bpf_mask: 0000000000
    net.enc.in.ipsec_filter_mask: 0x00000001


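The net.enc.* values pasted above are what decides which side of IPsec processing the enc0 firewall rules see, so here is a small decoder for them. This is an added example, not code from the thread, from pfSense or from FreeBSD. The bit meanings it uses are an assumption taken from my reading of FreeBSD's enc(4) and if_enc.c (bit 0x1 = the hook before tunnel-mode encapsulation on output or before tunnel-mode decapsulation on input, bit 0x2 = the hook after it); verify them against man 4 enc on the release you are running. The sample input is a constructed copy of the relevant lines from the paste above, and the helper names are my own.

```python
"""Decode the net.enc.* sysctls from a pasted `sysctl -a` dump.

Added example, not code from the thread or from pfSense/FreeBSD.  The bit
meanings below are an ASSUMPTION based on my reading of FreeBSD's
enc(4)/if_enc.c: bit 0x1 is the hook before tunnel-mode encapsulation (out)
or decapsulation (in), bit 0x2 the hook after it.  Check them against
`man 4 enc` on your release before acting on the output.
"""
import re

ENC_BEFORE = 0x1
ENC_AFTER = 0x2

# Assumed meaning of each hook, per direction (see module docstring).
HOOK_DESCRIPTION = {
    ("in", ENC_BEFORE): "decrypted packet before tunnel-mode decapsulation "
                        "(tunnel-mode traffic is skipped here; transport mode only)",
    ("in", ENC_AFTER): "inner packet after tunnel-mode decapsulation",
    ("out", ENC_BEFORE): "plaintext packet before IPsec encapsulation",
    ("out", ENC_AFTER): "packet after tunnel-mode encapsulation (outer header added)",
}

# Matches e.g. "net.enc.in.ipsec_filter_mask: 0x00000001"
SYSCTL_LINE = re.compile(
    r"^\s*(net\.enc\.(in|out)\.ipsec_(bpf|filter)_mask):\s*(\S+)\s*$")


def parse_enc_sysctls(text):
    """Return {(direction, kind): int} for every net.enc.* line in `text`.

    sysctl prints these either as hex ("0x00000002") or as a zero-padded
    decimal ("0000000000"); int(x, 0) rejects the latter, so pick the base
    explicitly.
    """
    found = {}
    for line in text.splitlines():
        m = SYSCTL_LINE.match(line)
        if not m:
            continue
        _, direction, kind, raw = m.groups()
        value = int(raw, 16) if raw.lower().startswith("0x") else int(raw, 10)
        found[(direction, kind)] = value
    return found


def decode_mask(direction, value):
    """List the hooks enabled by a mask value for the given direction."""
    return [HOOK_DESCRIPTION[(direction, bit)]
            for bit in (ENC_BEFORE, ENC_AFTER) if value & bit]


def check_tunnel_filtering(values):
    """Return warnings about tunnel-mode traffic the enc0 rules would not see.

    A site-to-site tunnel to a router is tunnel mode, so under the assumed
    semantics the inbound filter hook needs bit 0x2 and the outbound hook
    needs bit 0x1 for the firewall to see the cleartext in both directions.
    """
    warnings = []
    fin = values.get(("in", "filter"), 0)
    fout = values.get(("out", "filter"), 0)
    if not fin & ENC_AFTER:
        warnings.append("inbound: ipsec_filter_mask lacks 0x2, decrypted "
                        "tunnel-mode packets bypass the enc0 rules")
    if not fout & ENC_BEFORE:
        warnings.append("outbound: ipsec_filter_mask lacks 0x1, plaintext "
                        "packets are not filtered before encapsulation")
    for direction in ("in", "out"):
        if values.get((direction, "bpf"), 0) == 0:
            warnings.append(f"{direction}bound: ipsec_bpf_mask is 0, "
                            "tcpdump -i enc0 shows nothing for this direction")
    return warnings


# Constructed sample: the net.enc.* lines as pasted in the thread, plus two
# unrelated neighbours to show that the parser ignores them.
SAMPLE_SYSCTL = """\
net.inet.ip.sendsourcequench: 0
net.enc.out.ipsec_bpf_mask: 0000000000
net.enc.out.ipsec_filter_mask: 0x00000002
net.enc.in.ipsec_bpf_mask: 0000000000
net.enc.in.ipsec_filter_mask: 0x00000001
debug.dopersistence: 0
"""

if __name__ == "__main__":
    vals = parse_enc_sysctls(SAMPLE_SYSCTL)
    for (direction, kind), value in sorted(vals.items()):
        print(f"net.enc.{direction}.ipsec_{kind}_mask = {value:#x}")
        for hook in decode_mask(direction, value):
            print(f"    {kind} hook: {hook}")
    for w in check_tunnel_filtering(vals):
        print("WARNING:", w)
```

Run it against a real dump with `sysctl -a | python3 decode_enc.py` after replacing SAMPLE_SYSCTL with sys.stdin.read(); the warnings only tell you which IPsec processing stage the enc0 rules are attached to, not whether the rules themselves are right.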