ufw blocks ipsec
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ufw | Fix Released | Medium | Jamie Strandboge | |
ufw (Ubuntu) | Fix Released | Medium | Jamie Strandboge | |
Maverick | Fix Released | Medium | Jamie Strandboge | |
Bug Description
I've had IPSEC working between the Linux machines on my network for about a year using Firestarter as the firewall. I recently decided that I should probably switch to ufw since Firestarter isn't supported anymore, but since then I've found that IPSEC negotiations are unreliable: today, for example, I could see that one of the machines thought it had negotiated an IPSEC connection to another, but no messages were getting through to the other machine.
Looking at the log files I see lots of messages along the lines of:
Jul 18 01:20:23 nightmare kernel: [ 17.670844] [UFW BLOCK] IN=eth0 OUT= MAC=xxxx SRC=xxxx DST=xxxx LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=6954 DF PROTO=AH SPI=0xbd5df15
So what I don't understand is:
1. Why ufw is blocking a protocol that it apparently gives you no control over? I can't tell it to allow or block AH or ESP.
2. Why it sometimes blocks the protocol and sometimes doesn't?
ufw --version:
ufw 0.30pre1-0ubuntu2
Copyright 2008-2010 Canonical Ltd.
This is Ubuntu 10.04 with the most recent updates.
Changed in ufw:
status: New → Confirmed
Changed in ufw:
status: Confirmed → In Progress
Changed in ufw (Ubuntu Maverick):
importance: Undecided → High
importance: High → Medium
Changed in ufw (Ubuntu Lucid):
importance: Undecided → Medium
Changed in ufw:
importance: Undecided → Medium
Changed in ufw:
status: Fix Committed → Fix Released
no longer affects: ufw (Ubuntu Lucid)
Thanks for the report. I committed a change to trunk to allow specifying the 'esp' and 'ah' protocols.
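Added example (not part of the original bug report and not ufw code): a small log triage script that picks out `[UFW BLOCK]` entries for the AH and ESP protocols, in the log format quoted in the description, and summarises them per peer so you can see which IPsec associations are being dropped. The sample lines, addresses and the function names `parse_fields` and `blocked_ipsec` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the log format quoted in the report;
# the addresses are documentation-range placeholders, not values from the page.
SAMPLE_LOG = """\
Jul 18 01:20:23 host kernel: [ 17.670844] [UFW BLOCK] IN=eth0 OUT= MAC=xxxx SRC=192.0.2.10 DST=192.0.2.20 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=6954 DF PROTO=AH SPI=0xbd5df15
Jul 18 01:20:24 host kernel: [ 18.100000] [UFW BLOCK] IN=eth0 OUT= MAC=xxxx SRC=192.0.2.10 DST=192.0.2.20 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=6955 DF PROTO=AH SPI=0x0a1b2c3d
Jul 18 01:20:25 host kernel: [ 19.200000] [UFW BLOCK] IN=eth0 OUT= MAC=xxxx SRC=192.0.2.10 DST=192.0.2.20 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=6956 DF PROTO=ESP SPI=0x11223344
Jul 18 01:20:26 host kernel: [ 20.300000] [UFW BLOCK] IN=eth0 OUT= MAC=xxxx SRC=192.0.2.30 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=100 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

IPSEC_PROTOS = {"AH", "ESP"}
BLOCK_RE = re.compile(r"\[UFW BLOCK\]\s+(?P<fields>.*)$")

def parse_fields(text):
    """Split the KEY=value part of a log line into a dict; bare flags (e.g. DF) map to True."""
    fields = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True
    return fields

def blocked_ipsec(lines):
    """Return {(src, dst, proto): {"count": n, "spis": set}} for blocked AH/ESP packets."""
    summary = defaultdict(lambda: {"count": 0, "spis": set()})
    for line in lines:
        match = BLOCK_RE.search(line)
        if not match:
            continue  # not a ufw block entry
        f = parse_fields(match.group("fields"))
        proto = f.get("PROTO")
        if proto not in IPSEC_PROTOS:
            continue  # blocked, but not IPsec traffic
        entry = summary[(f.get("SRC"), f.get("DST"), proto)]
        entry["count"] += 1
        if "SPI" in f:
            entry["spis"].add(f["SPI"])
    return dict(summary)

if __name__ == "__main__":
    for (src, dst, proto), info in sorted(blocked_ipsec(SAMPLE_LOG.splitlines()).items()):
        print(f"{proto} {src} -> {dst}: {info['count']} blocked, SPIs {sorted(info['spis'])}")
```

To run it against a real log, pass the lines of the kernel log file to `blocked_ipsec` in place of the constructed sample.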