[strongSwan] Best practices for connection tracking and IPSec

Noel Kuntze noel at familie-kuntze.de
Wed Sep 30 15:39:28 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Tom,

Why don't you simply allow all traffic over the tunnel or to and from hosts that use protocols that need conntrack helpers?

- -- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWC+YNAAoJEDg5KY9j7GZYw0EP/3pSA4r05r5yHkSyfLDZHxZQ
KFYFcBCiAwjys+UQUt659RhRayE2MmzzAPQFBuCXkqftaWb1uNCbf4sv7SZ1PDLo
z0yeRGaI6l01EFZP22wgSIIlMPBYZ87E6auSPZLJZyOxFL/GlVIKr6+JqKt/jSmZ
VLohCXR/crfijyjo4yrZ7hWisScSYeQoEVqk9TMEfPeHJKwhp87kCG5ISwbclkmW
cWBxYT1bpi1GRyr9Lfa5VFHlsYu6bN9rEFxWIlI3T3Z+xc3jyq7DU4EOSm+hOr5o
Yto1BR6i438FjSKHuS6Muij6FRaUwslx5g6uodk/rTikIoKKIJBS2H81wHCq5jG1
630EhNHmQjLV+c5t/RnOzDxkYvDfTv7ffbDMXvJeQ71Df5O17dswkWwKYpFkz129
7BMCLrlQnWQVMPtthSuD7T/Fk4MbgMFmMa2HWP7XwPSDf/peFEDBphrTQRHlMxJo
0qWjpH1/a8UUKHxc7dVGgrpHtH6dTeaYGz/AOej9uiVkgakI1SUUDM7uMal6IHTe
E+0mC9FbEAhYw3HAdsHy7ARdn7+QKorN9GMGFDdmyV41j/SRKmKuzI0wf/fej+tM
5Fih5ckhMQuiM2wkpYAYvdfvz9PXVLiz3YWQBVAV0WJe8wXTsqrbOQAytMXG+42h
2kdZg+uerhYbKLigxHCX
=BC3C
-----END PGP SIGNATURE-----



More information about the Users mailing list