Bug #2688 (closed): Dynamic DNS IPsec endpoints not allowed through firewall rules

Added by Seth Mos about 9 years ago. Updated almost 9 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: IPsec
Start date: 11/19/2012
% Done: 0%
Affected Version: 2.1
Description

Previously in 2.1 there were rules in rules.debug for allowing IPsec traffic from dyndns hostname IPsec endpoints.

Moving from a July to a November snapshot broke this functionality. Because IPsec is not allowed through the firewall, the tunnels will obviously not come up anymore.

Workaround is creating 2 manual rules on the WAN interface to allow ESP and UDP 500 from anywhere to the CARP VIP hosting the IPsec service. Since adding these as 300 separate rules or an alias is insane, everything we need is already in the IPsec config.

#1

Updated by Ermal Luçi about 9 years ago

  • Status changed from New to Feedback

Should be fixed on new snapshots.

#2

Updated by Seth Mos almost 9 years ago

  • Status changed from Feedback to Resolved

Works now. Erroneous return instead of a continue; one entry caused all rules to be skipped.
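The defect named in comment #2 (a `return` where a `continue` belonged, so one skipped peer silently dropped the auto-generated allow rules for every peer) is easy to reproduce and to check for. The block below is an added illustration, not pfSense's own rule generator: the phase-1 entries, the offline resolver, the pf rule text and the "unresolvable hostname" skip condition are all constructed assumptions.

```python
# Added illustration of the return-vs-continue defect described in comment #2.
# This is not pfSense's own code: the phase-1 entries, the resolver, the
# rule text and the skip condition are all constructed assumptions.

LOCAL_VIP = "192.0.2.1"  # constructed CARP VIP that hosts the IPsec service

# Constructed phase-1 entries. The first peer is a dynamic-DNS name that the
# resolver cannot answer for yet; the other two resolve normally.
PHASE1 = [
    {"interface": "wan", "remote-gateway": "branch-a.dyndns.example"},
    {"interface": "wan", "remote-gateway": "branch-b.dyndns.example"},
    {"interface": "wan", "remote-gateway": "203.0.113.25"},
]

# Offline stand-in for DNS: only names listed here resolve.
FAKE_DNS = {"branch-b.dyndns.example": "198.51.100.10"}

def resolve(target):
    """Return the peer address, or None when a hostname cannot be resolved yet."""
    if target.replace(".", "").isdigit():   # already an IPv4 literal
        return target
    return FAKE_DNS.get(target)

def ipsec_rules(entries, skip_with_return=False):
    """Emit pf 'pass' rules (ESP and ISAKMP UDP/500) for every resolvable peer.

    skip_with_return=True reproduces the defect: the first entry that must be
    skipped ends the loop, so every later peer loses its rules as well.
    """
    rules = []
    for ph1 in entries:
        peer = resolve(ph1["remote-gateway"])
        if peer is None:
            if skip_with_return:
                return rules          # bug: abandons all remaining entries
            continue                  # fix: skip only this entry
        ifname = ph1["interface"]
        rules.append(f"pass in on {ifname} proto esp from {peer} to {LOCAL_VIP}")
        rules.append(f"pass in on {ifname} proto udp from {peer} to {LOCAL_VIP} port = 500")
    return rules

def peers_without_rules(entries, rules):
    """Regression check: resolvable peers that received no allow rule at all."""
    covered = {r.split(" from ")[1].split(" ")[0] for r in rules}
    return [ph1["remote-gateway"] for ph1 in entries
            if (addr := resolve(ph1["remote-gateway"])) and addr not in covered]
```

Running `peers_without_rules` over the generated rule set after each config reload is the kind of check that would have flagged this regression before the tunnels failed.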
