We've come across a problem sending UDP packets through a tunnel when the tunnel goes through a firewall, and I was hoping someone can explain/confirm what is going on (please).

Our machine sets up a tunnel to a secure gateway and then opens a UDP socket through that tunnel to a machine on the far side of the secure gateway. We have found that although we can send UDP packets to the far machine, the return UDP packets were not reaching the local application UNTIL we opened up the left UDP port in the firewall (all UDP ports are blocked by default).

So, it appears that the UDP packets come through the tunnel, are decrypted and then looped back through the firewall? I'm not too keen on opening the firewall to all UDP packets using that UDP port number. Is there a more elegant method?

I've a sneaking suspicion someone is going to suggest setting left=firewall in ipsec.conf and letting charon call _updown to adjust the iptables? I can imagine that charon knows how to invoke the _updown script with the correct left and right IP addresses, but how does it know which UDP ports we will be using through the tunnel?

Regards,
Graham.

P.S. As ever, if there is a webpage that explains this all, I would be glad of any pointers!

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
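An added example, not part of Graham's post or of strongSwan itself: a netfilter ruleset in iptables-restore format showing the usual way to avoid opening the application's UDP port to the world. Decrypted tunnel traffic is re-injected by the kernel and traverses INPUT a second time as plain UDP, so the rule uses the xfrm policy match to accept that port only for packets that came out of an inbound IPsec SA. The remote subnet 10.1.0.0/24, the port 5000 and the interface eth0 are constructed placeholders, and only the IPsec-relevant rules are shown.

```text
# Constructed example ruleset (load with: iptables-restore < rules.v4).
# Placeholders: 10.1.0.0/24 = subnet behind the secure gateway,
#               5000        = the application's UDP port,
#               eth0        = this host's uplink interface.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT

# IKE (500/udp), IKE with NAT traversal (4500/udp) and ESP itself must be
# allowed in, or the tunnel never comes up and the encrypted packets are dropped
# before the kernel can decrypt them.
-A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT
-A INPUT -i eth0 -p esp -j ACCEPT

# After decryption the inner UDP packet passes INPUT again in clear text. The
# policy match only succeeds when the kernel recorded that the packet arrived
# through an ESP tunnel-mode SA, so a plain-text UDP packet sent straight to
# port 5000 on eth0 still falls through to the default DROP. No per-port hole
# for unencrypted traffic is ever opened.
-A INPUT -m policy --dir in --pol ipsec --proto esp --mode tunnel \
   -s 10.1.0.0/24 -p udp --dport 5000 -j ACCEPT
COMMIT
```

The same match is what a stateless rule cannot express: `-p udp --dport 5000 -j ACCEPT` on its own admits both the decrypted packet and anyone on the Internet sending to that port.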