>It looks like 'keep state (if-bound)' iked.conf(5) is not present or being respected on the return traffic to the VPN device/firewall from your internal network. ICMP traffic is coming into the VPN device encrypted, being decrypted and passed to the destination. The destination responds back but the VPN device is not taking those responses and pushing them back through enc0.
Thank you for your response Jason.
Here is the relevant pf.conf configuration; keep state (if-bound) is there, so I don't think it's the cause of the problem:
pass inet proto udp from 192.168.1.109 to bge0 port 500
pass inet proto esp from 192.168.1.109 to bge0
pass on bge0 proto ipencap keep state (if-bound)
pass inet from 192.168.9.208 to vlan0:network