However, this was not taking place due to the position gateway initiated packets enter the chain, thus not getting marked for encryption (or something like that).Ĭonverting the tunnel to route based VPN worked perfectly as I thought. No matter how I went about it initially, there was no configuration that would cause the packet to get encrypted, and I think this is due to where gateway initiated traffic starts in the chain, it doesn’t enter from the start of the inbound chain like a normal traversal packet would.Īt the early stages of the inbound chain a flag (or similar) must get attached to the packet to mark it for encryption so that when it reaches the end of the outbound chain it gets encrypted (at least, this is how it works in other firewall vendors, and the behavior seems similar based on what I’m seeing). however, I actually used route based VPNs to achieve this. ![]() ![]() ![]() You're right with sk31692, I found that you could use implied_f to force all sorts of gateway initiated traffic over the VPN.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |