-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05/04/2017 04:12 PM, Tom Eastep wrote:
> > Sounds to me like you have an IPSEC configuration problem, with > IPSEC only being used in one direction. > Or, you may be using SNAT to force traffic to match the IPSEC Security policy. In that case, before SNAT, Netfilter doesn't know that the traffic is going to be encapsulated and encrypted, so it is treated as IPv4 rather than ipsec. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJZDJcKAAoJEJbms/JCOk0QK18QAI9fP0QlJkC5/RQfAODuYz6R nuXRYl+u5y6aR2+zeKKxpHebdfjBnIbej+T7jIFiVmm/5LfQ0b26Gj2hMGSXVNXv 13dnNc5FUL7Fdagxs/9cyemsJDEzl41mnMYx0pLlUnhEPNIjWqywMTUu7yzwV/vg bg7r2exgnJX//Q9F+9AmuhxWN5fRJKuUceKZ2ilidbvO4AC4SxQgAe5yytp3/zIG 47Us/4H1tL34fIGSKmAlp5QcP8B7ObBqA/dUTwEEekUiEcoOrJ8gR7+ANP1wlHMm TMf7TSo/d8YkPov9xmQGJqQsW4xp0TUuPNYNTudwQraQyKe/zIe4UVFgRuo2TpEr dBZ9Ttd3HPtyD8/jrmzT87KAMK6mBGP+Y1xKTgLUV0+ngffHltfl/cOXzEcwUfgQ +AKs4VUMnKuvidZNATIQCnCHifOrBYYPEQPYrElusJCPZXmODkB77HthCSdJVvRE jiP4wZT+1CVTaVg2SaJi1esjxof5ZFzD0kVZnkZ1JixFwke8l5QriWkSOyaZeAAo rLGD5/UBEYcR8Yx48YRe5u9mqOFzUTileGEASvI28pYi+2YSdcxUHvuoFqLDiQHo tkTL48fI/8W6b1nnVYK6DSLbTaVQT87wLc+ZviIXD+tp3etPvE17IW2woEYFWmMC jRYk6RXgJheNzkwDMLty =H5Hs -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
