Actions
Bug #2688
closedDynamic DNS IPsec endpoints not allowed through firewall rules
Start date:
11/19/2012
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
Description
Previously in 2.1 there were rules in rules.debug for allowing IPsec traffic from dyndns hostname IPsec endpoints.
Moving from a July to a November snapshot broke this functionality. Because the IPsec is not allowed through the firewall the tunnels will obviously not come up anymore.
Workaround is creating 2 manual rules on the WAN interface to allow ESP and UDP 500 from anywhere to the CARP vip hosting the IPsec service. Since adding these as 300 separate rules or an alias is insane, everything we need is already in the IPsec config
Updated by Ermal Luçi about 12 years ago
- Status changed from New to Feedback
Should be fixed on new snapshots.
Updated by Seth Mos about 12 years ago
- Status changed from Feedback to Resolved
Works now, erronous return instead of a continue; One entry caused all rules to be skipped
Actions