ipsec vpn passthru?

Started by nrf, February 28, 2017, 02:57:29 AM

February 28, 2017, 02:57:29 AM Last Edit: February 28, 2017, 02:59:35 AM by nrf
I am happy to now be able to use suricata on my n40L with this release. but in exchange for that benefit, now I cannot use my ipsec vpn client, which was working fine on the previous release - a daily driver for me. I thought there might be some plugin needed but didn't find any related to passthru. puttering around in the forums I found some comments about nat rules for port 500, and I do have one that seems to come from setting up my openvpn server.

did I miss something in the release notes that I need to enable for ipsec passthru?

thanks in advance for your help.

and as I tweeted, the major upgrade went so well!!!! impressive!!!!

bump? no help for this?
I'd like my work computer to have the benefit of this firewall....

Hi nrf,

Not sure what the issue is? Are you talking about a change in behaviour from 16.7 to 17.1? We're on 17.7 now and it's hard to cover hundreds of individual changes that could be responsible.


Cheers,
Franco

thanks for getting back to me. I posted here originally as this is the point at which it stopped working and I had to make alternate arrangements for my work pc. in the past I would have tried some other package but opnsense is otherwise very satisfying to me. whatever was done has 'stuck' as I keep trying from time to time as I upgrade to the newer versions, hoping it would have gotten corrected.

when I attempt to set up the work client it tells me it timed out and I must have a firewall that is dropping udp packets.

(specifically I use the AT&T Global Network Client for vpn and the configuration is for "Managed VPN - IPSec")

just a thought, if I set up an openvpn service, does that keep ipsec clients from passing thru by interfering with authentication port?

Hi nrf,

Sorry, this slipped through again.

IPsec does not interfere with OpenVPN.

You are forwarding IPsec to an internal server?

Have you tried adding the sloppy state tracking advanced feature in the rules that pass the traffic through?


Cheers,
Franco