Netgate Discussion Forum

    IPSec Passthrough not working

    3 Posts 2 Posters 3.2k Views
      cheeser

      I have disabled the allow any rule from the LAN subnet and have started to create a rule for each type of traffic we would allow inside users to access. It has not been as bad as it sounds. Very few complaints from a non tech user base.

      Anyhow, IPsec Passthrough option is enabled via the NAT Outbound tab but IPSec VPNs cannot go through with the "LAN subnet" to anywhere rule disabled.

      I have made a rule that allows clients from the "LAN Subnet" to connect to any host via UDP 500, thinking the establishment of a connection would allow the outside host back in on whatever port is necessary for key negotiation. I have apparently screwed something up or do not understand exactly what is happening. Can anyone provide assistance?

      Thanks

        hoba

        You need to additionally allow the protocols ESP and AH to go out/through.

          cheeser

          Allowing AH, ESP, and UDP 42000 outbound from the LAN subnet did the trick. Thanks for the help.  :D

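The outcome of the thread, written as an added pf.conf fragment (not pfSense-generated rules and not from either poster): the first pass rule is the original UDP 500-only attempt, the rules after it are what the working setup needs. Interface name and LAN subnet are assumptions; the NAT-T port is the standard UDP 4500 of RFC 3948.

```pf
# Added example: hand-written pf.conf fragment, not the pfSense GUI's generated ruleset.
# Interface and subnet are assumed values.
lan_if  = "em1"
lan_net = "192.168.1.0/24"

# Default deny replaces the removed "LAN subnet to any" allow rule.
block in on $lan_if

# Original attempt: IKE only. Phase 1 negotiates fine, but the traffic that
# follows (ESP/AH) is a different IP protocol, so it never matches this rule
# and is dropped by the block above.
pass in quick on $lan_if proto udp from $lan_net to any port 500 keep state

# What makes IPsec actually pass: ESP (IP protocol 50) and AH (IP protocol 51)
# are protocols, not ports, so each needs its own pass rule.
pass in quick on $lan_if proto esp from $lan_net to any keep state
pass in quick on $lan_if proto ah  from $lan_net to any keep state

# NAT traversal wraps ESP in UDP 4500 when a NAT sits in the path, which is
# why an extra UDP port has to be allowed as well.
pass in quick on $lan_if proto udp from $lan_net to any port 4500 keep state
```

Check with `pfctl -nf /path/to/pf.conf` for syntax and `pfctl -sr` for the loaded rules; the IPsec-related drops show up in the firewall log as blocked protocol 50/51 or UDP 4500 packets when one of these rules is missing.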
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.