Hello everyone.
Short version:
FreeBSD 12.0
IPSec via StrongSwan.
tcpdump:
Code:
IP 1.1.1.1.61160 > 2.2.2.2.500: isakmp: phase 1 I ident
IP 2.2.2.2 > 1.1.1.1: ICMP 2.2.2.2 udp port 500 unreachable, length 444
sockstat:
Code:
root charon 1367 13 udp4 *:500 *:*
root charon 1367 14 udp4 *:4500 *:*
pfctl -s rules -P
Code:
pass in quick on tun0 inet proto udp from any to 2.2.2.2 port = 500 keep state
Why does my FreeBSD send ICMP about UDP port 500 unreachable when I have a daemon bound to that port?
Details:
After I changed ISP, the L2TP connection doesn't work anymore.
The new ISP delivers internet via PPPoE, the old one had a straight connection.
All I did to the FreeBSD and service configurations was change the static IP from old to new and change the name of the interface in the PF config file.
And I swear to god, it worked the first day, I have a log : )
After that I wrote a script that checks internet availability and runs services after PPP establishes connection and reboot. I guess after that IPSec stopped working.
I have no idea why it happens. IPSec doesn't work now even if all services are stopped and that script is suspended too.
SSHD via TCP and OpenVPN via UDP work fine when I run them.