Bug #13389 (closed)
IPsec filter rules do not match Mobile IPsec traffic when Captive Portal is enabled.
Status: Duplicate
Priority: Normal
Assignee: -
Category: Captive Portal
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:
Description
Running 22.05 amd64
The following rule exists at the top of the IPsec interface:
pass in quick on enc0 inet from 172.25.100.1 to any flags S/SA keep state label "USER_RULE: test" label "id:1659457945" ridentifier 1659457945
When Captive Portal is disabled, the Android client traffic is passed by the rule. When Captive Portal is enabled, the traffic is dropped.
Aug 2 11:53:22 gw filterlog[73268]: 4,,,1000000103,enc0,match,block,in,4,0x0,,64,1850,0,DF,1,icmp,84,172.25.100.1,10.0.5.1,request,68,164
Captive Portal config is basic:
<captiveportal>
	<guest>
		<zone>guest</zone>
		<descr><![CDATA[LAN]]></descr>
		<localauth_priv></localauth_priv>
		<zoneid>2</zoneid>
		<interface>lan</interface>
		<maxproc></maxproc>
		<timeout></timeout>
		<idletimeout></idletimeout>
		<trafficquota></trafficquota>
		<freelogins_count></freelogins_count>
		<freelogins_resettimeout></freelogins_resettimeout>
		<enable></enable>
		<auth_method>none</auth_method>
		<auth_server></auth_server>
		<auth_server2></auth_server2>
		<radacct_server>localhost</radacct_server>
		<reauthenticateacct></reauthenticateacct>
		<httpslogin></httpslogin>
		<httpsname>gw.home.arpa</httpsname>
		<preauthurl></preauthurl>
		<blockedmacsurl></blockedmacsurl>
		<certref>5b26b60fbf62b</certref>
		<redirurl></redirurl>
		<radmac_format>default</radmac_format>
		<radiusnasid></radiusnasid>
		<termsconditions></termsconditions>
		<page></page>
	</guest>
</captiveportal>
IPsec is a Mobile client configuration using EAP-MSCHAPv2.
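
A triage example for the log line in this report, added here and not part of the original report or of pfSense's own code: it decodes the filterlog entry and compares its tracker field with the ridentifier of the rule that was expected to pass the traffic. The field order and the tracker-to-ridentifier correspondence are assumptions based on pfSense's raw filter log format, and the function names are hypothetical.

```python
import csv
import re

# Assumed field order of a pfSense raw filterlog entry (IPv4 case).
COMMON = ["rule", "subrule", "anchor", "tracker", "iface",
          "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags",
        "proto_id", "proto", "length", "src", "dst"]
ICMP_ECHO = ["icmp_type", "icmp_id", "icmp_seq"]

# Both inputs are copied verbatim from the report.
RULE = ('pass in quick on enc0 inet from 172.25.100.1 to any flags S/SA '
        'keep state label "USER_RULE: test" label "id:1659457945" '
        'ridentifier 1659457945')
LOG = ('Aug 2 11:53:22 gw filterlog[73268]: 4,,,1000000103,enc0,match,block,'
       'in,4,0x0,,64,1850,0,DF,1,icmp,84,172.25.100.1,10.0.5.1,request,68,164')


def parse_filterlog(line):
    """Decode one syslog filterlog line into a dict (IPv4 entries only)."""
    m = re.search(r"filterlog\[\d+\]:\s*(.*)$", line)
    if not m:
        raise ValueError("not a filterlog line")
    fields = next(csv.reader([m.group(1)]))
    rec = dict(zip(COMMON, fields))
    if rec.get("ipver") != "4":
        raise ValueError("only IPv4 entries are handled here")
    rest = fields[len(COMMON):]
    rec.update(zip(IPV4, rest))
    extra = rest[len(IPV4):]
    # ICMP echo entries carry type, id and sequence after the addresses.
    if rec.get("proto") == "icmp" and extra[:1] in (["request"], ["reply"]):
        rec.update(zip(ICMP_ECHO, extra))
    return rec


def rule_id(pf_rule):
    """Return the ridentifier of a pf rule line, or None if it has none."""
    m = re.search(r"\bridentifier (\d+)", pf_rule)
    return m.group(1) if m else None


def triage(pf_rule, log_line):
    """Report whether the logged decision came from the expected rule."""
    rec = parse_filterlog(log_line)
    expected = rule_id(pf_rule)
    return {"expected": expected, "tracker": rec["tracker"],
            "same_rule": rec["tracker"] == expected,
            "action": rec["action"], "iface": rec["iface"],
            "src": rec["src"], "dst": rec["dst"]}
```

Calling triage(RULE, LOG) shows the block was logged under tracker 1000000103 rather than the user rule's 1659457945, so the rule to inspect is the one carrying that tracker in the loaded ruleset.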