[strongSwan] No traffic with compress=yes
Noel Kuntze
noel at familie-kuntze.de
Thu Feb 9 18:41:38 CET 2017
Am 09.02.2017 um 18:39 schrieb Alexander Hill:
>
> I get connections apparently up, I see them in the output of ipsec status and ipsec leases, but no traffic across the link. Set compress=no on the server and issue ipsec reload, and the clients connect and communicate fine.
Read the part in the FAQ about IPsec and iptables/nftables[1].
Quote: "Packets that are compressed using the ipcomp option pass through some chains three times.
Once as encapsulated packet, then as IP-in-IP packet and then as the actual packet.
The protocol number depends on the encapsulated protocol. You need to allow the protocols in iptables and
ip6tables depending on your tunnel configuration."
[1] https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#IPsec-and-iptablesnftables
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170209/9f007af8/attachment.sig>
More information about the Users
mailing list