[strongSwan] Win 8.1 fails to connect - error 809 - fragmentation problem?

Conrad Kostecki ck+strongswanusers at bl4ckb0x.de
Mon Jun 8 01:04:01 CEST 2015

Hello Noel,

> Use stateful firewalling. See [1] for a good template to start out 
> with.
> Forwarded traffic passes through the filter table in the FORWARD chain.
> Only traffic destined for the host itself goes through the filter table
> in the INPUT chain.
> See this[2] diagram for details.
> Some more information about firewalling on linux can be reached
> over the other links[3][4][5][6].

Sorry! I should have been more clear. It's a little bit late :(
For my understanding I am using already stateful firewalling.

This is my iptables script @ linux router:
-> http://pastebin.com/7068V5y8

$IPTABLES --append INPUT --in-interface $PPP_IF --match conntrack 
$IPTABLES --append FORWARD --in-interface $PPP_IF --match conntrack 

So shouldn't pass the ipsec traffic?

P.S.: Windows has currently not enabled any firewall.


More information about the Users mailing list