Isakmp passthrough anomaly



  • Hello everyone,

    Here is my situation: I have a CaptivePortal, clients on one VLAN interface, and the uplink on a physical int.

    I've migrated from a 2.0.1-RC3 to 2.0.3-RELEASE.
    Everything is working as well as previously, except for one thing: isakmp packets.

    I can see incoming packets:
    12:24:23.441408 IP 172.16.xxx.yyy.55618 > aaa.bbb.ccc.ddd.500: isakmp: parent_sa ikev2_init

    but nothing goes out (via the uplink link).

    Firewall rules didn't change. I log every denied packet, but those VPN ones don't appear in pflog0, so I think it's not about rules.

    It seems I'm missing a sysctl option or something at kernel level, doesn't it?

    I have activated logs on "pass" rules, but I will not be able to run the VPN test today in order to prove the packet is authorized.

    Thanks!

