[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: ipfilter v4.1.8 && ESP (vpnc)
From:       Darren Reed <darrenr () reed ! wattle ! id ! au>
Date:       2007-05-09 9:49:14
Message-ID: 4641991A.1010902 () reed ! wattle ! id ! au

Matthias Apitz wrote:
> Hello,
>
> We run the above IPfilter as firewall and trying to establish
> a connection to a customer with the VPN client (vpnc version 0.3.3);
> the authentication is fine (done via UDP 500) but the later traffic
> in the tunnel is sent as ESP:
>
> 10:31:16.588390 IP 193.31.10.34 > xxx.xxx.xxx.xxx: ESP(spi=0x4abc123a,seq=0x215), length 108
>
> and of course blocked in the IPfilter as:
>
> May  8 10:31:17 cazador ipmon[361]: 10:31:16.588404 em1 @0:100 b 193.31.10.34 ->
>  xxx.xxx.xxx.xxx PR esp len 20 (128) OUT
>
> I've Google'd around a bit and it seems that the ipf.rules file
> accepts as proto not only (as written in the man page):
>
> 	protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber
>
> but also "esp". Is there any newer man page available or any other
> things to know about using ESP && IPfilter? Thx in advance
>   

Any protocol name found in /etc/protocols can be used.
There are no special filtering fields available for use with ESP and
IPFilter, so all you can filter on are addresses.
If you were feeling lucky, I'd recommend using the ipsec proxy, but there
are some unresolved problems there.

Darren
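
The rule set below is an added example for the case discussed in this thread; it is not from either poster and not part of IPFilter's own documentation. It assumes the outside interface is em1 (taken from the ipmon line), that 203.0.113.10 stands in for the masked local address xxx.xxx.xxx.xxx, and that 193.31.10.34 is the remote VPN gateway. It shows the two points Darren makes: "esp" is accepted because it resolves through /etc/protocols (the decnumber form "proto 50" is equivalent), and because ESP exposes no ports or flags to ipf, the ESP rules can match on addresses only.

```text
# Added example /etc/ipf.rules fragment, not from the original thread.
# Assumed: outside interface em1, local address 203.0.113.10 (placeholder
# for xxx.xxx.xxx.xxx), remote VPN gateway 193.31.10.34.

# IKE negotiation runs over UDP 500; UDP has ports, so state can be kept
# on the outbound request and the reply is admitted by the state table.
pass out quick on em1 proto udp from 203.0.113.10 to 193.31.10.34 port = 500 keep state

# ESP carries the tunnelled traffic. ipf has no ESP-specific fields to
# match on, so these rules name only addresses, one per direction.
# "proto 50" would be the equivalent numeric form of "proto esp".
pass out quick on em1 proto esp from 203.0.113.10 to 193.31.10.34
pass in  quick on em1 proto esp from 193.31.10.34 to 203.0.113.10

# Default deny with logging; anything not matched above is reported by
# ipmon with a "b" (blocked) flag, as in the line quoted in the question.
block in  log quick on em1 all
block out log quick on em1 all
```

Check the syntax without loading it with `ipf -nf /etc/ipf.rules`, load it with `ipf -Fa -f /etc/ipf.rules`, and confirm what is active with `ipfstat -io`. If the SPI or sequence numbers from the tcpdump line above mattered to policy, they could not be expressed here; with IPFilter the address pair is the whole of the ESP match.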

