[Swan] one way ping
Paul Wouters
paul at nohats.ca
Thu Aug 30 23:18:30 UTC 2018
If there is no NAT, you need to open protocol 50 ESP (not port, protocol).
Sent from my phone
> On Aug 30, 2018, at 18:59, John Crisp <jcrisp at safeandsoundit.co.uk> wrote:
>
>> On 28/08/18 21:56, Paul Wouters wrote:
>>
>>
>> Could this be due to a RELATED iptables rule that only allows replies?
>>
>
>
> Just found it. I have a Firewall on the hosting at vultr where the two
> VMs are. It has the following basic firewall rules and each server has
> the same rule set applied (they have their own firewalls too)
>
> accept ICMP - 0.0.0.0/0
> accept TCP 80 0.0.0.0/0
> accept TCP <SSH port> 0.0.0.0/0
> accept TCP 443 0.0.0.0/0
> accept TCP 465 0.0.0.0/0
> accept UDP 500 0.0.0.0/0
> accept UDP 4500 0.0.0.0/0
> drop any 0-65535 0.0.0.0/0
>
> For whatever good reason, when I removed the servers from my hosting
> provider's firewall group the pings suddenly flowed..... !
>
> Not sure what else I'd need to open to let pings across the VPN through!!!
>
> The servers' own firewall seems to be quite happy with the same rules as
> above.
>
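The point of the reply above, as an added example that is not part of the original messages: a small first-match evaluator run over the rule list quoted in the thread, showing that IKE (UDP 500) and NAT-T (UDP 4500) pass while bare ESP (IP protocol 50) falls through to the final drop. The matching semantics, the function names and the `accept ESP` line are assumptions made for illustration; the page does not show how the provider's panel expresses a protocol rule.

```python
# Added example: first-match evaluation of the rule list quoted in the thread.
# The "<SSH port>" line is left out because its value is not given.
RULES = """\
accept ICMP - 0.0.0.0/0
accept TCP 80 0.0.0.0/0
accept TCP 443 0.0.0.0/0
accept TCP 465 0.0.0.0/0
accept UDP 500 0.0.0.0/0
accept UDP 4500 0.0.0.0/0
drop any 0-65535 0.0.0.0/0
"""

# Flows an IPsec tunnel uses; without NAT the encrypted payload is bare ESP.
IPSEC_FLOWS = {
    "IKE udp/500": ("udp", 500),
    "NAT-T udp/4500": ("udp", 4500),
    "ESP proto 50": ("esp", None),  # ESP has no port numbers
}

def parse_rules(text):
    """Turn 'action proto ports source' lines into (action, proto, span)."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, proto, ports, _source = line.split()
        if ports == "-":
            span = None  # rule has no port restriction
        else:
            lo, _, hi = ports.partition("-")
            span = (int(lo), int(hi or lo))
        rules.append((action, proto.lower(), span))
    return rules

def verdict(rules, proto, port):
    # Assumptions: first matching rule wins, "any" also covers port-less
    # protocols such as ESP, and unmatched traffic is dropped.
    for action, rproto, span in rules:
        if rproto not in ("any", proto):
            continue
        if port is None or span is None or span[0] <= port <= span[1]:
            return action
    return "drop"

def audit(text):
    """Return the verdict for each flow an IPsec tunnel needs."""
    rules = parse_rules(text)
    return {name: verdict(rules, *flow) for name, flow in IPSEC_FLOWS.items()}

# Constructed fix, written in the same notation as the quoted list.
FIXED = RULES.replace("drop any", "accept ESP - 0.0.0.0/0\ndrop any")
```

Calling `audit(RULES)` and `audit(FIXED)` gives the per-flow verdicts before and after the protocol 50 rule is added.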