Issue #3407

IPSEC ESP packets are not observed over SFTP

Added by Sowmya Pola 7 months ago. Updated about 1 month ago.

Status: Closed
Priority: Normal
Category: network / firewall
Affected version: 5.8.4
Resolution: No feedback

Description

Hi Team,

When we try to establish an IPSEC connection, we are not observing ESP packets over the SFTP connection.
Please guide us further in this if any settings are needed.

Please find the configuration files below.

conn testpkiServer
    type=tunnel
    right=2001:1b70:8294:4700::16
    lifetime=1h
    ike=aes256-sha512-modp4096
    ikelifetime=1h
    esp=aes256-sha512-modp4096-noesn
    left=2001:1b70:8294:4435:3::16
    keyexchange=ikev2
    leftcert=testpkicert
    leftid="CN=IPSEC,O=strongSwan,C=IN"
    rightid="C=IN,O=strongSwan,CN=IPSEC"
    auto=add

conn testpkiClient
    type=tunnel
    right=2001:1b70:8294:4435:3::16
    lifetime=1h
    ike=aes256-sha512-modp4096
    ikelifetime=1h
    esp=aes256-sha512-modp4096-noesn
    left=2001:1b70:8294:4700::16
    keyexchange=ikev2
    leftcert=vpnClientCert.pem
    leftid="CN=IPSEC,O=strongSwan,C=IN"
    rightid="C=IN,O=strongSwan,CN=IPSEC"
    auto=add

We have also tried with the parameters leftsubnet=0::0/0 (on Server) and rightsubnet=0::0/0 (on Client), but FTP/SFTP connections are lost after some time.

Please find more information as an attachment.

Thanks & Regards,
Sowmya Pola.

SFTP_Issue_logs.txt (17 KB) Sowmya Pola, 10.04.2020 15:09

History

#1 Updated by Tobias Brunner 7 months ago

  • Category set to network / firewall
  • Status changed from New to Feedback
  • Priority changed from High to Normal

Sounds like it could be an MTU/MSS issue.
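
The arithmetic behind an MTU/MSS check for the proposal in this report, as an added example that is not part of the issue or of strongSwan. It assumes a 1500-byte link MTU, no UDP encapsulation, AES-CBC for aes256 and a TCP header without options; the function names are made up for illustration.

```python
# Added example, not from the issue. Per-packet sizes for esp=aes256-sha512
# in tunnel mode with an IPv6 outer header, as in the configuration above.
OUTER_IPV6 = 40   # outer IPv6 header; no UDP encapsulation assumed
ESP_HEADER = 8    # SPI + sequence number
CBC_IV = 16       # AES-CBC initialization vector
BLOCK = 16        # AES block size; the ESP payload is padded to a multiple of it
ESP_TRAILER = 2   # pad-length and next-header bytes
ICV = 32          # HMAC-SHA-512 truncated to 256 bits (RFC 4868)
INNER_IPV6 = 40   # inner IPv6 header
TCP_HEADER = 20   # TCP header without options (assumption)
FIXED = OUTER_IPV6 + ESP_HEADER + CBC_IV + ICV


def esp_packet_size(inner_len):
    """Bytes on the wire for one ESP packet carrying an inner packet of inner_len bytes."""
    padded = -(-(inner_len + ESP_TRAILER) // BLOCK) * BLOCK  # round up to a full block
    return FIXED + padded


def max_inner_packet(link_mtu):
    """Largest inner packet whose ESP packet still fits in link_mtu."""
    return (link_mtu - FIXED) // BLOCK * BLOCK - ESP_TRAILER


def max_tcp_mss(link_mtu):
    """Largest TCP MSS that keeps the ESP packet within link_mtu."""
    return max_inner_packet(link_mtu) - INNER_IPV6 - TCP_HEADER


if __name__ == "__main__":
    mtu = 1500  # assumed link MTU
    print("1500-byte inner packet ->", esp_packet_size(1500), "bytes of ESP")
    print("largest inner packet that fits:", max_inner_packet(mtu))
    print("largest TCP MSS that fits:", max_tcp_mss(mtu))
```

Under these assumptions a 1500-byte inner packet becomes 1600 bytes of ESP, so full-size TCP segments depend on fragmentation or path MTU discovery working, while small packets fit unchanged.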

#2 Updated by Tobias Brunner about 1 month ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No feedback
