From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Incoming ESP Packets disappear Date: Mon, 04 May 2020 16:03:13 +0100 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2017316385494316617==" List-Id: --===============2017316385494316617== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Stephan, What is the output of =E2=80=9Cipsec statusall=E2=80=9D on both systems? Best, -Michael > On 30 Apr 2020, at 22:28, Stephan Mending wrote: >=20 > Hello, >=20 > I have a situation. ;) >=20 > It looks like the following: >=20 >=20 > (SRV-01) ----------- (IPFIRE) -------orange------- (SRV-02) >=20 > public-IP 192.168.0.100 >=20 >=20 > SRV-01 is hooked up to the ipfire via a roadwarrior IPsec connection. Estab= lishment of the tunnel works as one would expect it. >=20 > ping from SRV-02 to SRV-01 works fine and passes through the tunnel. So far= , so good. >=20 > ping from SRV-01 to SRV-02 does not. >=20 >=20 > Iptables is blocking ? No, I did check that. Nothing. >=20 > IPS ? No, neither. >=20 >=20 > So what's the matter ? When watching the interface using tcpdump I can see = ESP packets and afterwards its unencrypted icmp echo request content (both on= ppp0). That is the end. >=20 > And the packet has never been seen any after. >=20 > Anyone an idea? >=20 >=20 > (Yes the SRV-02 accepts incoming icmp type 8 and outgoing type 0) >=20 >=20 > Best regards, >=20 > Stephan >=20 >=20 --===============2017316385494316617==--