IPSec Protocol 4 (ipcomp) traffic dropped
Marco Berizzi
pupilla at hotmail.com
Fri Jan 19 09:18:50 CET 2007
Andrew J. Millar wrote:
> Basically, IPtables is seeing, and dropping protocol 4 (IP Payload
> Compression Protocol) packets relating to an OpenSwan IPSec tunnel as
Yes, it is a known problem to the netfilter team since 2.6.16-rcX
(https://lists.netfilter.org/pipermail/netfilter-devel/2006-February/023387.html)
> Only when I add a rule to allow protocol 4 on HOST-A as follows, is the
> attempt to reach HOST-A:22 successful.
>
> iptables -A INPUT -s BBB.BBB.BBB.BBB -d AAA.AAA.AAA.AAA -p 4 -j ACCEPT
Yes, this is a good workaround (for now).