Am 09.02.2017 um 18:39 schrieb Alexander Hill: > > I get connections apparently up, I see them in the output of ipsec status and > ipsec leases, but no traffic across the link. Set compress=no on the server > and issue ipsec reload, and the clients connect and communicate fine.
Read the part in the FAQ about IPsec and iptables/nftables[1]. Quote: "Packets that are compressed using the ipcomp option pass through some chains three times. Once as encapsulated packet, then as IP-in-IP packet and then as the actual packet. The protocol number depends on the encapsulated protocol. You need to allow the protocols in iptables and ip6tables depending on your tunnel configuration." [1] https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#IPsec-and-iptablesnftables -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
