Sorry for the delay.
I'm pretty sure those proto 4 IPIP packets are ESP packets - I was using ping for
testing and was capturing them with tshark, and they were marked ESP there.



2016-11-30 1:24 GMT+03:00 Tom Eastep <teas...@shorewall.net>:

> On 11/28/2016 10:19 AM, Tom Eastep wrote:
> > On 11/28/2016 09:07 AM, Tom Eastep wrote:
> >
> >
> >
> >> Do you have nested tunnels here? Normally, ESP packets would not
> >> themselves require 'pol ipsec'.
> >
> >
> > It would probably be most useful if you would forward to me
> > personally the output of 'shorewall dump'. That way, I can see both
> > your Shorewall and IPSEC configurations.
> >
>
> I took another look at your report, and it looks like there is IPIP
> encapsulation occurring (PROTO 4, in the netfilter log entry). So
> again, it looks like there is some sort of nested tunneling occurring.
>
> - -Tom
> - --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>