Andrew J. Millar wrote:
> Basically, IPtables is seeing, and dropping protocol 4 (IP Payload
> Compression Protocol) packets relating to an OpenSwan IPSec tunnel as

Yes, it is a known problem to the netfilter team since 2.6.16-rcX
(https://lists.netfilter.org/pipermail/netfilter-devel/2006-February/023387.html)

> Only when I add a rule to allow protocol 4 on HOST-A as follows, is the
> attempt to reach HOST-A:22 successful.
>
> iptables -A INPUT -s BBB.BBB.BBB.BBB -d AAA.AAA.AAA.AAA -p 4 -j ACCEPT

Yes, this is a good workaround (for now).