4. Automatic IPSec Rules

Automatic IPSec Rules

  • B

    I am on 2.1 and I have Disable Auto-added VPN rules unchecked (so VPN rules are being set automatically). I would like to disable the auto rules because I deleted a tunnel, but the other end never deleted theirs and it's flooding the IPSec logs with connection attempts. Plus I'd rather have this explicitly set and noticeable, but the logs flooding has upped the priority.

    So I'm wondering what rules I would have to add to replace the auto-generated ones? I have other tunnels and I don't want to disrupt them so I'd like to put the necessary rules in place before I disable to auto-generated ones.

    Thanks!

    0
  • Rebel Alliance Developer Netgate

    For IPsec, you need to allow:

    • udp/500 (ISAKMP)
    • udp/4500 (NAT-T)
    • ESP

    You need only allow those from your remote IPsec peers and not the world, unless you use mobile IPsec tunnels.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy