Issue #3407

IPSEC ESP packets are not observed over SFTP

Added by Sowmya Pola 4 months ago. Updated 4 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: network / firewall
Affected version: 5.8.4
Resolution:

Description

Hi Team,

When we try to establish an IPSEC connection, we are not observing ESP packets over the SFTP connection.
Please guide us further on this if any settings are needed.

Please find the configuration files below.

conn testpkiServer
    type=tunnel
    right=2001:1b70:8294:4700::16
    lifetime=1h
    ike=aes256-sha512-modp4096
    ikelifetime=1h
    esp=aes256-sha512-modp4096-noesn
    left=2001:1b70:8294:4435:3::16
    keyexchange=ikev2
    leftcert=testpkicert
    leftid="CN=IPSEC,O=strongSwan,C=IN"
    rightid="C=IN,O=strongSwan,CN=IPSEC"
    auto=add

conn testpkiClient
    type=tunnel
    right=2001:1b70:8294:4435:3::16
    lifetime=1h
    ike=aes256-sha512-modp4096
    ikelifetime=1h
    esp=aes256-sha512-modp4096-noesn
    left=2001:1b70:8294:4700::16
    keyexchange=ikev2
    leftcert=vpnClientCert.pem
    leftid="CN=IPSEC,O=strongSwan,C=IN"
    rightid="C=IN,O=strongSwan,CN=IPSEC"
    auto=add

We have also tried with the parameters leftsubnet=0::0/0 (on Server) and rightsubnet=0::0/0 (on Client), but FTP/SFTP connections are lost after some time.

Please find more information as an attachment.

Thanks & Regards,
Sowmya Pola.

Attachment: SFTP_Issue_logs.txt (17 KB), Sowmya Pola, 10.04.2020 15:09

History

#1 Updated by Tobias Brunner 4 months ago

  • Category set to network / firewall
  • Status changed from New to Feedback
  • Priority changed from High to Normal

Sounds like it could be an MTU/MSS issue.
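
To put numbers on the MTU/MSS suggestion, the following added example (not part of the ticket and not strongSwan code) computes the IPv6 ESP tunnel-mode overhead for the esp=aes256-sha512 proposal in the configuration above and the largest inner packet and TCP MSS that still fit without fragmentation. It assumes a 1500-byte path MTU, no UDP encapsulation, and TCP without options; the function names are hypothetical.

```python
# Added example: ESP tunnel-mode sizing for esp=aes256-sha512 over IPv6.
# Assumptions (not from the ticket): 1500-byte path MTU, no UDP
# encapsulation, TCP header without options.

IPV6_HDR = 40      # fixed IPv6 header (outer and inner)
TCP_HDR = 20       # TCP header without options
ESP_HDR = 8        # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2    # pad length (1 byte) + next header (1 byte)

# Sizes for the algorithm keywords used in the ticket's esp= line.
CIPHERS = {"aes256": {"iv": 16, "block": 16}}   # AES-CBC
INTEGRITY = {"sha512": {"icv": 32}}             # HMAC-SHA-512, 256-bit ICV


def esp_packet_size(inner_len, cipher="aes256", integ="sha512"):
    """On-the-wire size of the ESP tunnel packet for an inner packet."""
    c, i = CIPHERS[cipher], INTEGRITY[integ]
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // c["block"]) * c["block"]  # round up to block
    return IPV6_HDR + ESP_HDR + c["iv"] + padded + i["icv"]


def max_inner_packet(path_mtu, cipher="aes256", integ="sha512"):
    """Largest inner packet whose ESP packet still fits in path_mtu."""
    c, i = CIPHERS[cipher], INTEGRITY[integ]
    room = path_mtu - IPV6_HDR - ESP_HDR - c["iv"] - i["icv"]
    if room < c["block"]:
        raise ValueError("path MTU too small for this ESP proposal")
    return (room // c["block"]) * c["block"] - ESP_TRAILER


def max_tcp_mss(path_mtu, cipher="aes256", integ="sha512"):
    """Largest TCP MSS for an IPv6 flow inside the tunnel."""
    return max_inner_packet(path_mtu, cipher, integ) - IPV6_HDR - TCP_HDR


if __name__ == "__main__":
    mtu = 1500  # assumed path MTU
    print("full-size inner packet on the wire:", esp_packet_size(mtu))
    print("largest inner packet that fits:    ", max_inner_packet(mtu))
    print("largest TCP MSS inside the tunnel: ", max_tcp_mss(mtu))
```

Under these assumptions a 1500-byte inner packet no longer fits the path once encapsulated, so bulk transfers depend on working path MTU discovery or a reduced MSS, while small packets such as the TCP handshake pass unaffected.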
