IPSec missing autogenerated firewall rules over IPv6
-
I just recently updated my DNS records with both A & AAAA.
On LTE, I tried to initiate a connection with the domain name and got "The VPN server did not respond." from my iPhone (previously working). No activity was logged in System Logs > IPsec.
Then I tried hardcoding my IPv4 address and it worked. Verified by [pfctl -s rules]: no inet6 rules.
pass in on igb0 reply-to (igbX xxx.xxx.xxx.xxx) inet proto udp from any to (self) port = isakmp keep state label "IPsec: any - inbound isakmp" -
Update 1
Manually added rules for IPv6: isakmp, sae-urn, esp. Now it works, but I guess this is still a bug.
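
A check for the gap described in this post, as an added example that is not part of the original post or pfSense's own code: it reads `pfctl -s rules` output and lists each IPsec service (isakmp, sae-urn, esp) that has no inbound pass rule in an address family. The function names, the numeric-port matching (500/4500) and the sample rules other than the one quoted above are constructed for illustration.

```shell
#!/bin/sh
# Usage on the firewall: pfctl -s rules | ipsec_family_gaps
# Prints "<family> <service>" for every IPsec service lacking an inbound
# pass rule in that address family; prints nothing when both are covered.
ipsec_family_gaps() {
    awk '
    /^pass in / {
        fam = ""; svc = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "label") break            # do not parse label text
            if ($i == "inet" || $i == "inet6") fam = $i
            if ($i == "proto" && $(i+1) == "esp") svc = "esp"
            if ($i == "port" && $(i+1) == "=") {
                p = $(i+2)
                if (p == "isakmp"  || p == "500")  svc = "isakmp"
                if (p == "sae-urn" || p == "4500") svc = "sae-urn"
            }
        }
        if (svc == "") next
        # A rule with no address family keyword applies to both families.
        if (fam == "" || fam == "inet")  seen["inet "  svc] = 1
        if (fam == "" || fam == "inet6") seen["inet6 " svc] = 1
    }
    END {
        n = split("inet inet6", fams, " ")
        m = split("isakmp sae-urn esp", svcs, " ")
        for (a = 1; a <= n; a++)
            for (b = 1; b <= m; b++) {
                key = fams[a] " " svcs[b]
                if (!(key in seen)) print key
            }
    }'
}

# Constructed sample: the rule quoted in the post plus two constructed
# IPv4 rules for NAT-T and ESP, with no inet6 counterparts.
sample_rules() {
    cat <<'EOF'
pass in on igb0 reply-to (igbX xxx.xxx.xxx.xxx) inet proto udp from any to (self) port = isakmp keep state label "IPsec: any - inbound isakmp"
pass in on igb0 reply-to (igbX xxx.xxx.xxx.xxx) inet proto udp from any to (self) port = sae-urn keep state label "constructed: inbound nat-t"
pass in on igb0 reply-to (igbX xxx.xxx.xxx.xxx) inet proto esp from any to (self) keep state label "constructed: inbound esp"
EOF
}

sample_rules | ipsec_family_gaps
```

An empty result after adding the IPv6 rules means isakmp, sae-urn and esp are each passed inbound for both inet and inet6.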