If there is no NAT you need to open protocol 50 ESP (not port, protocol).

Sent from my phone

> On Aug 30, 2018, at 18:59, John Crisp <jcr...@safeandsoundit.co.uk> wrote:
>
>> On 28/08/18 21:56, Paul Wouters wrote:
>>
>> could this be due to a RELATED iptables rules that only allows replies ?
>>
>
> Just found it. I have a Firewall on the hosting at vultr where the two
> VMs are. It has the following basic firewall rules and each server has
> the same rule set applied (they have their own firewalls too)
>
> accept ICMP - 0.0.0.0/0
> accept TCP 80 0.0.0.0/0
> accept TCP <SSH port> 0.0.0.0/0
> accept TCP 443 0.0.0.0/0
> accept TCP 465 0.0.0.0/0
> accept UDP 500 0.0.0.0/0
> accept UDP 4500 0.0.0.0/0
> drop any 0-65535 0.0.0.0/0
>
> For whatever good reason when I removed the servers from my hosting
> providers firewall group the pings suddenly flowed..... !
>
> Not sure what else I'd need to open to let pings across the VPN through!!!
>
> The servers own firewall seems to be quite happy with the same rules as
> above.
>
> _______________________________________________
> Swan mailing list
> Swan@lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
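
Added example, not part of the thread: a small first-match evaluator run over a constructed model of the quoted provider rule set, showing that native ESP (IP protocol 50) falls through to the final drop even though ICMP and UDP 500/4500 are accepted. The rule tuples, function names and first-match semantics are assumptions made for illustration; the `<SSH port>` rule is left out because its value is not given.

```python
# Constructed model of the quoted provider rules: (action, protocol, port).
# port None means the rule carries no port restriction.
# Assumption: rules are evaluated top to bottom and the first match wins.
QUOTED_RULES = [
    ("accept", "icmp", None),
    ("accept", "tcp", 80),
    ("accept", "tcp", 443),
    ("accept", "tcp", 465),
    ("accept", "udp", 500),
    ("accept", "udp", 4500),
    ("drop", "any", None),
]

# Outer packets an IPsec tunnel puts on the wire. Traffic inside the tunnel
# (for example a ping) is only ever seen by this firewall as one of these.
IPSEC_FLOWS = {
    "IKE": ("udp", 500),
    "IKE/ESP over NAT-T": ("udp", 4500),
    "native ESP (no NAT)": ("esp", None),  # IP protocol 50, has no ports
}

def verdict(rules, proto, port=None):
    """Return the action of the first rule matching the packet."""
    for action, r_proto, r_port in rules:
        if r_proto not in ("any", proto):
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "drop"  # assumed default when nothing matches

def blocked_flows(rules):
    """Names of the IPsec flows the rule set does not accept."""
    return [name for name, (proto, port) in IPSEC_FLOWS.items()
            if verdict(rules, proto, port) != "accept"]

def with_esp_allowed(rules):
    """Same rule set with an accept for protocol 50 placed before the drop."""
    return [("accept", "esp", None)] + list(rules)

if __name__ == "__main__":
    print("blocked as quoted:   ", blocked_flows(QUOTED_RULES))
    print("blocked with ESP rule:", blocked_flows(with_esp_allowed(QUOTED_RULES)))
```

The accepted ICMP rule does not help here because the tunnelled ping reaches the provider firewall encapsulated in ESP, not as ICMP.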