All Questions
8 questions
0 votes, 0 answers, 185 views
To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?
I established an IPsec VPN tunnel between two Juniper SRX routers across NAT, with the NAT being performed by the firewall (a Linux server). When attempting to configure the firewall rules to allow ...
0 votes, 0 answers, 158 views
Bandwidth control using traffic control `tc` on Strongswan ipsec connection
I need to use traffic control tc to regulate the bandwidth.
From what I know, I can manage the bandwidth using the following
DEV=eth0
RATE="100kbps"
tc qdisc del dev $DEV ...
1 vote, 0 answers, 388 views
StrongSwan 5.9.1 (Debian Bullseye): Traffic from IPsec tunnel gets forwarded via Ethernet, but not via bridge
The following problem:
I have a server that is, in addition to other tasks not relevant for the problem at hand, supposed to act as an IPsec gateway.
When I'm using the Ethernet interface pointing to ...
1 vote, 0 answers, 2k views
iptables to nftables for IKEv2 IPSEC VPN server
Can someone please help in converting the below iptables rules to equivalent nftables rules?
I have already tried to use iptables-translate, but it is not translating all of my rules...
# accept ports ...
1 vote, 0 answers, 117 views
firewalld: Block non-ESP packets on interface in GNU/Linux similar to OpenBSD
I am trying to "enforce" IPSec (StrongSwan) traffic on openSUSE.
On OpenBSD, with the IKE daemon iked and the packet filter pf, I employ a ruleset like the following, to ensure only ...
0 votes, 0 answers, 224 views
Configure L2TP/IPSec so the user identity is passed to iptables rule
Hi, I'm pretty new to this so you'll have to be very explicit.
I set up L2TP/IPSec on CentOS so that I can VPN. User identities are stored in the /etc/ppp/chap-secrets, mainly because that's how ...
5 votes, 0 answers, 6k views
How do I configure DD-WRT to forward IPSec traffic to an internal server to support a road warrior configuration?
I use dd-wrt as my home router setup and that's been working fine. Now I wanted to figure out a way to be able to use my iPad to set up an IPSec tunnel to my home network while I'm on the road.
PPTP ...
0 votes, 1 answer, 3k views
Will the left|rightfirewall option of StrongSwan open UDP 500/4500 and protocol number 50 on iptables?
I know that StrongSwan uses UDP 500 and 4500 for IKE traffic and IP protocol number 50 for ESP packages.
I am not sure about the usage of the left|rightfirewall option (http://wiki.strongswan.org/projects/...