[Openswan Users] Iptables problem (netkey)

Marco Berizzi pupilla at hotmail.com
Fri Jan 11 03:48:15 EST 2008

Nicole Hähnel wrote:

> I don't really know which rules I've to add in my iptables script.
> I tried Peter's rules, but everything was dropped.
> But if I allow only protocol 4, excepting esp and udp 500, everything
> works fine!?
> Why?

As I said this is a know netfilter bug
you must accept protocol 4 (and 50 + udp500/4500)

> Using klips, I never saw any protpcol 4 packets.

this bug affect only netkey since >2.6.16

> What's the right way, policy match or masking packets?

if you are running >2.6.16 + iptables >1.3.5
go for policy match.

More information about the Users mailing list