
Block RFC 1918 private networks from Internet and allow them via VPN at the same time

I'm wondering about how to block RFC 1918 and RFC 3927 private networks to and from the Internet interface and allow the very same networks going through an IPsec interface on the same ethernet as the Internet interface.

Configuration on the Internet ethernet:
eth0 123.4.5.5/24: Internet interface
ipsec0: 123.4.7.7/24: IPsec interface for VPNs

With a network definition of 10.0.0.0/8 with interface attribute "Internet" and a rejecting packet filter rule on it, all VPN traffic via ipsec to 10.0.0.0/8 is also blocked!

Maybe it's a bug in Astaro and I should use IPsec over an interface alias on eth0 and try again?

