DROP_CTINVALID ipsec Kerberos

How can I fix this?
I have an ipsec net2net tunnel between client and server.
Computer startup takes very long time due this.

Thanks and Kind Regards

Another IPFire which is gateway for the telecommunication also has such problem, see here: cant directly reach because of other subnet, thats why i created these following rules.

Maybe somebody can help me with the dropping packages, the users experience bad telephony availability and it must be fixed asap.

Here are the firewall rules:

I don’t understand your problem. and are elements of the same network ( your green network, I suppose). So there should be no problem in communication, especially if they are connected to the same switch(es). They should communicate directly, without IPFire.

The SNAT messages are generated by you ( unnecessary ) SNAT rules with logging enabled.

I have a and i have