After installing Strongswan and testing a VPN connection with IPSec, the firewall blocks the connections. Everything works without the firewall rules.
First comes an IP packet with a low order number of the frame. It has a UDP (17) number and it is a fragment. After this comes the actual UDP packet with the information of the ESP payload. How to add this to the 'ipf' rules?
There is a man page with information: man -S5 ipf, keyword "agment". I still can't get it to work. The fragment comes first and the UDP packet it belongs to, second. Some fragment caching maybe exists. It should be possible to filter these. How to?
escape