Bug #2688

closed

Dynamic DNS IPsec endpoints not allowed through firewall rules

Added by Seth Mos about 12 years ago. Updated almost 12 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: IPsec
Target version:
Start date: 11/19/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1
Affected Architecture:

Description

Previously in 2.1 there were rules in rules.debug for allowing IPsec traffic from dyndns hostname IPsec endpoints.

Moving from a July to a November snapshot broke this functionality. Because the IPsec is not allowed through the firewall the tunnels will obviously not come up anymore.

Workaround is creating 2 manual rules on the WAN interface to allow ESP and UDP 500 from anywhere to the CARP VIP hosting the IPsec service. Since adding these as 300 separate rules or an alias is insane, everything we need is already in the IPsec config.
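To illustrate the per-endpoint rule generation the report says rules.debug used to perform (rules derived from the IPsec config, scoped to each peer's current address rather than a from-anywhere WAN rule), here is an added Python example; it is not pfSense code, and the phase1 entries, the interface name em0, the addresses and the resolver are constructed assumptions.

```python
"""Generate pf rules that admit IPsec (ESP and IKE on UDP/500) from each
dynamic-DNS peer to the local CARP VIP, scoped to the peer's resolved address.
Added example, not pfSense code; phase1 list, resolver and addresses are constructed."""
import ipaddress
from typing import Callable, Dict, List, Optional

# Constructed stand-in for the IPsec phase1 entries: remote gateway (hostname
# or literal IP) and the local CARP VIP that terminates the tunnel.
PHASE1 = [
    {"remote_gateway": "branch-a.dyndns.example", "local_vip": "203.0.113.10"},
    {"remote_gateway": "branch-b.dyndns.example", "local_vip": "203.0.113.10"},
    {"remote_gateway": "198.51.100.7", "local_vip": "203.0.113.10"},
]

# Constructed resolver. A real deployment would query DNS on a schedule and
# regenerate the rules whenever an answer changes.
FAKE_DNS: Dict[str, str] = {
    "branch-a.dyndns.example": "192.0.2.41",
    "branch-b.dyndns.example": "192.0.2.42",
}


def resolve(name: str, lookup: Callable[[str], str]) -> Optional[str]:
    """Return the peer IP for a literal address or a resolvable hostname, else None."""
    try:
        return str(ipaddress.ip_address(name))  # already an address, no lookup needed
    except ValueError:
        pass
    try:
        return lookup(name)
    except KeyError:
        return None  # unresolvable peer: emit no rule rather than opening 'from any'


def ipsec_rules(phase1: List[dict], wan: str, lookup: Callable[[str], str]) -> List[str]:
    """Build one ESP rule and one IKE (UDP/500) rule per resolvable peer, deduplicated."""
    rules: List[str] = []
    for p in phase1:
        peer = resolve(p["remote_gateway"], lookup)
        if peer is None:
            continue
        vip = p["local_vip"]
        for rule in (
            f"pass in quick on {wan} proto esp from {peer} to {vip}",
            f"pass in quick on {wan} proto udp from {peer} to {vip} port 500",
        ):
            if rule not in rules:
                rules.append(rule)
    return rules


if __name__ == "__main__":
    print("\n".join(ipsec_rules(PHASE1, "em0", FAKE_DNS.__getitem__)))
```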
