Automatic IPSec Rules

  • I am on 2.1 and I have Disable Auto-added VPN rules unchecked (so VPN rules are being set automatically). I would like to disable the auto rules because I deleted a tunnel, but the other end never deleted theirs and it's flooding the IPSec logs with connection attempts. Plus I'd rather have this explicitly set and noticeable, but the log flooding has upped the priority.

    So I'm wondering what rules I would have to add to replace the auto-generated ones? I have other tunnels and I don't want to disrupt them, so I'd like to put the necessary rules in place before I disable the auto-generated ones.


  • Rebel Alliance Developer Netgate

    For IPsec, you need to allow:

    • udp/500 (ISAKMP)
    • udp/4500 (NAT-T)
    • ESP

    You need only allow those from your remote IPsec peers and not the world, unless you use mobile IPsec tunnels.
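    As an added illustration (not from the reply above, nor pfSense's own generated ruleset), the same three allowances written in pf syntax, with the permissive form the auto-added rules amount to shown beside the explicit replacement. The WAN interface name `em0`, the table name `ipsec_peers` and the peer addresses are assumptions; the peers are constructed documentation addresses.

```pf
# Added example, not the pfSense-generated ruleset. Assumed WAN interface is em0;
# the peer addresses are constructed placeholders for the remaining tunnels'
# remote gateways, so list only the tunnels you still intend to keep.
wan = "em0"
table <ipsec_peers> { 203.0.113.10, 198.51.100.20 }

# What the auto-added rules effectively permit: IKE and ESP from anywhere.
# Shown commented out for comparison; only mobile (road-warrior) IPsec needs it.
# pass in quick on $wan proto udp from any to ($wan) port { 500, 4500 }
# pass in quick on $wan proto esp from any to ($wan)

# Explicit replacement: only the listed peers may reach ISAKMP (udp/500),
# NAT-T (udp/4500) and ESP on the WAN address. State is kept by default.
pass in quick on $wan proto udp from <ipsec_peers> to ($wan) port { 500, 4500 }
pass in quick on $wan proto esp from <ipsec_peers> to ($wan)

# Everything else, including a stale peer that keeps retrying IKE, is dropped
# here and logged by the firewall instead of reaching the IPsec daemon's logs.
block in log quick on $wan proto udp from any to ($wan) port { 500, 4500 }
block in log quick on $wan proto esp from any to ($wan)
```

On pfSense these rules are normally entered on the WAN tab of the firewall GUI with an alias holding the peer addresses; the pf text above is the equivalent of those GUI rules, not something to paste into a pf.conf by hand.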
