This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC VPN IPSEC Filter

Hi all,

i spend the whole weekend to get die ISPEC to work.

My configuration.

2 LAN`s and 2 Nic`s

192.168.0.0

192.168.250.0

on the 192.168.250.0 is an Access Point which i want to secure.
All traffic from 192.168.250.0 > any should be secured by IPSEC. anything else should be droped.

I set i up witch x509 certifcates and it works very well.

now my big Problem:

the Packet Filter drops the Packet from the IPSEC-Interface.

11:47:56 (none) kernel: ICMP Drop: IN=ipsec1 OUT=eth0 SRC=192.168.250.40 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=27215 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=24334

I used auto Filter on and off ...

used the IPSEC:XXX filter to any
and vice versa.
nothing will work.

Is there a bug or i am too stupid ?

I would be happy if anyone have a suggestion.

P.S.: Sorry for my bad english

This thread was automatically locked due to age.

Parents

0 stillbourne over 22 years ago

No you've just made a very common mistake make sure that /proc/sys/net/ipv4/conf/eth0/rp_filter is 0 not 1 you can look by doing a simple cat of the file if 1 just do a

echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter

you may want to add an additional line into /etc/sysctrl.conf file so that you dont have to do it manually every time. Also make sure that your firewall rulles arent causing packets to be droped.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 stillbourne over 22 years ago

No you've just made a very common mistake make sure that /proc/sys/net/ipv4/conf/eth0/rp_filter is 0 not 1 you can look by doing a simple cat of the file if 1 just do a

echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter

you may want to add an additional line into /etc/sysctrl.conf file so that you dont have to do it manually every time. Also make sure that your firewall rulles arent causing packets to be droped.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data