Netgate Discussion Forum

    Automatic IPSec Rules

    Briantist

      I am on 2.1 and I have Disable Auto-added VPN rules unchecked (so VPN rules are being set automatically). I would like to disable the auto rules because I deleted a tunnel, but the other end never deleted theirs and it's flooding the IPSec logs with connection attempts. Plus I'd rather have this explicitly set and noticeable, but the logs flooding has upped the priority.

      So I'm wondering what rules I would have to add to replace the auto-generated ones? I have other tunnels and I don't want to disrupt them, so I'd like to put the necessary rules in place before I disable the auto-generated ones.

      Thanks!

      jimp (Netgate developer)

        For IPsec, you need to allow:

        • udp/500 (ISAKMP)
        • udp/4500 (NAT-T)
        • ESP

        You need only allow those from your remote IPsec peers and not the world, unless you use mobile IPsec tunnels.

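As an added illustration of the rules jimp lists above (this is not part of his reply and not pfSense's own generated ruleset), here is a small POSIX shell function that prints the equivalent pf pass rules for an explicit list of remote peers. The interface name em0, the WAN address 203.0.113.10 and the peer addresses 198.51.100.5 and 198.51.100.6 are made-up placeholders. The decommissioned peer from the question is simply left off the list, so the default deny drops its IKE packets at the firewall before they reach the IPsec daemon and its log.

```shell
#!/bin/sh
# Added example, not from the forum post or from pfSense's filter code.
# Emits the pf rules that replace the auto-added IPsec rules, restricted
# to the named peers: udp/500 (ISAKMP), udp/4500 (NAT-T) and ESP.
#
# Assumptions (hypothetical values): WAN interface em0, WAN address
# 203.0.113.10, live peers 198.51.100.5 and 198.51.100.6.  For mobile
# IPsec clients pass the literal word "any" as a peer; that is the one
# case where the source has to stay open to the world.

ipsec_peer_rules() {
    # $1 = WAN interface, $2 = WAN address, $3.. = remote peer addresses
    ifname=$1
    wan_ip=$2
    shift 2
    for peer in "$@"; do
        # IKE / ISAKMP negotiation
        printf 'pass in quick on %s proto udp from %s to %s port 500 keep state\n' \
            "$ifname" "$peer" "$wan_ip"
        # IKE and ESP-in-UDP when either side is behind NAT (NAT-T)
        printf 'pass in quick on %s proto udp from %s to %s port 4500 keep state\n' \
            "$ifname" "$peer" "$wan_ip"
        # Encapsulated traffic itself; ESP is IP protocol 50, it has no ports
        printf 'pass in quick on %s proto esp from %s to %s keep state\n' \
            "$ifname" "$peer" "$wan_ip"
    done
}

# Sanity check before pasting into a ruleset: three rules per peer
ipsec_rule_count() {
    ipsec_peer_rules "$@" | wc -l | tr -d ' '
}

# Example run with the placeholder values; the stale peer is not listed
ipsec_peer_rules em0 203.0.113.10 198.51.100.5 198.51.100.6
```

Each printed line corresponds to one inbound WAN pass rule with the peer as source and the WAN address as destination; on a host with pf the output can be syntax-checked without loading it with `pfctl -nf rules.txt`. Because pf is stateful, the replies back to the peer ride the state created by the inbound rule and need no separate rule. The script does not restrict the destination port for ESP since ESP has none; anything from the decommissioned peer falls through to the default deny.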
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.