Bug #4770
Packet Filter Reject IPSEC packets
Status: closed
Description
Periodically the firewall starts firewalling traffic coming through one or more IPSEC tunnels. Doing "Filter Reload" or restarting IPSEC sometimes works. Otherwise the firewall needs a reboot.
This only started occurring after upgrade from 2.1.x to 2.2.x
Files
Updated by Chris Buechler over 9 years ago
- Status changed from New to Feedback
What's the rule that's blocking it? Click the red X.
Doubt this is a bug; probably something like Snort enabled with auto-blocking and triggering something there.
Updated by Nei Ka over 9 years ago
@5(1000000103) block drop in log inet all label "Default deny rule IPv4"
We aren't running anything clever like snort. And we obviously haven't changed the firewall rules. See attached for the current rules. The greyed out rule was added previously when this problem occurred.
Updated by Ermal Luçi over 9 years ago
Can you also describe your tunnel configuration here?
Updated by Nei Ka over 9 years ago
How much detail do you want? I'd rather not leak all our info onto the net.
Updated by Ermal Luçi over 9 years ago
Just what algorithms and what version of ipsec you are using.
Preferably send me /var/etc/ipsec/ipsec.conf and /tmp/rules.debug to eri@
Updated by Chris Buechler almost 9 years ago
- Category set to Rules / NAT
Nei: is this something you can still replicate on latest version?
I haven't heard of any such issues from anyone else, but would like to take a look at your system if you're still having an issue on 2.2.6 or 2.3.
Updated by Nei Ka almost 9 years ago
We are on 2.2.6 all round now and don't seem to be having this issue any more.
Updated by Chris Buechler almost 9 years ago
- Status changed from Feedback to Resolved
Thanks for the feedback.