OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: obrienmd on October 11, 2017, 01:02:28 am
-
After struggling with zerotier performance, I'm getting back into running routing protocols over GRE, with IPSec in transport mode. I have a pair on 17.7 (no point upgrades) seemingly working fine, but with my boxes on the current 17.7.5 point release, with the same configs, I have a few pairs that get good SAs, SPs, but cannot pass any traffic and show the following in the log whenever a packet tries to go out:
charon: 07[KNL] received invalid PF_ROUTE message
Searching for this ^ returns only a reference to the strongswan source code :)
When I ping one WAN IP from another (leaving GRE out entirely), I get:
ping: sendto: Permission denied
Does anyone have IPSec transport mode working on 17.7.5?