Hello,

I notice that when I create a tunnel between my router and my VPN machine to encapsulate the traffic of a client, the defined flow is not fully respected.

iked.conf on the router:

ikev2 'foo' active esp \
    proto tcp \
    from $CLIENT_IP to any port https \
    local $GATEWAY_IP peer $VPN_IP \
    srcid $GATEWAY_FQDN dstid $VPN_FQDN

The traffic from the client to any host on the Internet is encapsulated even when the destination port is not https. Tested by connecting to the SSH and SMTP ports of different Internet hosts, watching the output of:

tcpdump -ne -i enc0
tcpdump -n -e -ttt -i pflog0

I tried to replace https by 443 in the config file, but it does not change the result.

Is it my mistake or a bug? If it is a bug, can someone warn the dev? I cannot use the tool sendbug (SMTP connection blocked at home).

Tested with OpenBSD v7.7 inside virtual machines.

Regards.
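A way to turn the eyeballing of `tcpdump -ne -i enc0` into a repeatable check, added here as an example and not part of the original post: it parses capture lines and reports any client packets on enc0 whose destination port is not the one the flow declares. The capture lines are constructed samples, and the exact enc0 line format (the `(authentic,confidential): SPI ...:` prefix) is assumed.

```python
import re

# Assumed values matching the flow "proto tcp from $CLIENT_IP to any port https".
CLIENT_IP = "192.168.1.10"
POLICY_PORT = 443

# Constructed sample of decapsulated packets as tcpdump -ne -i enc0 might print
# them (format assumed; addresses are documentation ranges, not real hosts).
SAMPLE_ENC0 = """\
10:00:01.000001 (authentic,confidential): SPI 0x0a1b2c3d: 192.168.1.10.50001 > 198.51.100.7.443: S 1:1(0) win 16384
10:00:02.000002 (authentic,confidential): SPI 0x0a1b2c3d: 192.168.1.10.50002 > 198.51.100.8.22: S 2:2(0) win 16384
10:00:03.000003 (authentic,confidential): SPI 0x0a1b2c3d: 192.168.1.10.50003 > 203.0.113.9.25: S 3:3(0) win 16384
10:00:04.000004 (authentic,confidential): SPI 0x0a1b2c3d: 192.168.1.10.50004 > 203.0.113.9.443: . 4:4(0) ack 1 win 16384
"""

# IPv4 "src.sport > dst.dport:" as printed with -n (no name resolution).
_PKT = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def parse_enc0(text):
    """Yield (src, sport, dst, dport) for every TCP packet line in the capture."""
    for line in text.splitlines():
        m = _PKT.search(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"])


def off_policy_flows(text, client_ip=CLIENT_IP, policy_port=POLICY_PORT):
    """Return sorted (dst, dport) pairs from client_ip that the flow should not cover.

    If the "port https" selector were enforced, only dport 443 would show up on
    enc0; anything else listed here was encapsulated outside the declared flow.
    """
    seen = set()
    for src, _sport, dst, dport in parse_enc0(text):
        if src == client_ip and dport != policy_port:
            seen.add((dst, dport))
    return sorted(seen)


if __name__ == "__main__":
    for dst, dport in off_policy_flows(SAMPLE_ENC0):
        print(f"encapsulated outside flow: {CLIENT_IP} -> {dst}:{dport}")
```

Feed it a real capture with `tcpdump -ne -i enc0 | python3 check.py` style piping once `SAMPLE_ENC0` is swapped for `sys.stdin.read()`; an empty result means enc0 only carries the traffic the flow selector permits.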

