[strongSwan] No traffic with compress=yes

Noel Kuntze noel at familie-kuntze.de
Thu Feb 9 18:41:38 CET 2017

On 09.02.2017 at 18:39, Alexander Hill wrote:
> I get connections apparently up, I see them in the output of ipsec status and ipsec leases, but no traffic across the link. Set compress=no on the server and issue ipsec reload, and the clients connect and communicate fine.

Read the part in the FAQ about IPsec and iptables/nftables[1].
Quote: "Packets that are compressed using the ipcomp option pass through some chains three times. 
Once as encapsulated packet, then as IP-in-IP packet and then as the actual packet. 
The protocol number depends on the encapsulated protocol. You need to allow the protocols in iptables and 
ip6tables depending on your tunnel configuration."

[1] https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#IPsec-and-iptablesnftables


Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
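
An added example, not part of the original message or the strongSwan FAQ: a heuristic check of `iptables-save` output for the first two passes the quoted FAQ passage describes. The helper name `ipcomp_pass_gaps`, the sample ruleset and the suggested rule are assumptions made for illustration; the protocol numbers (ESP 50, IP-in-IP 4 for an IPv4 payload, 41 for IPv6) are the IANA assignments.

```sh
#!/bin/sh
# Added example, not from the thread or the strongSwan FAQ.
# Heuristic audit of iptables-save output for the passes an IPComp tunnel needs:
#   pass 1: the encapsulated packet (ESP, or UDP/4500 when NAT-T is in use)
#   pass 2: the IP-in-IP packet (IANA protocol 4 for IPv4 payload, 41 for IPv6)
# Pass 3 (the actual packet) depends on your own traffic rules and is not checked.
# Only ACCEPT rules with an explicit -p are considered.

# Constructed ruleset: enough for compress=no, but no IP-in-IP rule.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -s 10.10.0.0/24 -m policy --dir in --pol ipsec -j ACCEPT
COMMIT'

# Assumed fix for an IPv4 payload: accept protocol 4 only if it arrived via IPsec.
SUGGESTED_RULE='-A INPUT -p 4 -m policy --dir in --pol ipsec -j ACCEPT'

# Hypothetical helper: ipcomp_pass_gaps CHAIN INNER_FAMILY < iptables-save-output
# Prints one line per uncovered pass, nothing when both are covered.
ipcomp_pass_gaps() (
    chain=$1
    case $2 in
        4) num=4;  ipip='(4|ipencap|ipip)' ;;
        6) num=41; ipip='(41|ipv6)' ;;
        *) echo "inner family must be 4 or 6" >&2; exit 2 ;;
    esac
    # Keep only ACCEPT rules appended to the chain under test.
    rules=$(grep -E -e "^-A $chain .*-j ACCEPT( |\$)" || true)
    if ! printf '%s\n' "$rules" | grep -Eq -e ' -p (50|esp) ' &&
       ! printf '%s\n' "$rules" | grep -Eq -e ' -p (17|udp) .*--dports? ([0-9:]+,)*4500(,| )'; then
        echo "pass1: no ACCEPT for ESP or UDP/4500 in $chain"
    fi
    if ! printf '%s\n' "$rules" | grep -Eq -e " -p $ipip "; then
        echo "pass2: no ACCEPT for IP-in-IP (protocol $num) in $chain"
    fi
)

# Run against the constructed sample; on a gateway: iptables-save | ipcomp_pass_gaps INPUT 4
printf '%s\n' "$SAMPLE_RULES" | ipcomp_pass_gaps INPUT 4
```

A ruleset that passes this check can still drop the third pass, so the rules that admit the decrypted inner traffic need reviewing separately.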
