IPsec: Need to manually create firewall rules?


I noticed that I had to create firewall rules (red interface, UDP 500, etc.) to make my ipsec connection (roadwarrior, Win10) work again. Haven’t used this for a long time (since OpenVPN works way better), but nothing had been changed in the meantime, and it used to work before.

I’d assume that IPFire would create the necessary firewall rules automatically when I activated IPsec roadwarriors, but this doesn’t seem to be the case (blocked packets from my IP on UDP 500).

Maybe this is a bug?

IPFire 2.25 (x86_64) - Core Update 141


No, you do not need to do that. Those ports are automatically opened.

This could be a bug, but I do not recall that anything here was changed in around 15 years.

Got these rejects, until I opened the ports manually:
Mar 20 10:54:20 ipfire kernel: REJECT_INPUT IN=red0 OUT= MAC=00:16:01:03:d7:58:00:2c:c8:1a:78:d8:08:00 SRC=84.57.xx.xx DST=82.194.xx.xx LEN=652 TOS=0x00 PREC=0x00 TTL=118 ID=21290 PROTO=UDP SPT=61038 DPT=500 LEN=632

What should I check the output of “iptables --list” for to check if the expected rules are actually there?
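One way to answer that last question, as an added example that is not from this thread or from IPFire itself: a small POSIX shell check that scans `iptables -S` output for the ACCEPT rules an IPsec road warrior needs on the red interface (IKE on UDP 500, NAT-T on UDP 4500 and ESP, IP protocol 50). The interface name red0 is taken from the REJECT_INPUT log line above; the sample rule lines are constructed, and no assumption is made about which chain IPFire puts the rules in.

```shell
#!/bin/sh
# Added example, not IPFire code. Checks iptables -S style output for the
# ACCEPT rules IPsec needs on red0: IKE (udp/500), NAT-T (udp/4500), ESP.
# It greps across all chains, so it does not depend on IPFire's chain names.

# check_ipsec_rules RULES_TEXT
#   prints one "missing: ..." line per absent rule,
#   returns 0 if every rule is present, otherwise the number missing
check_ipsec_rules() {
    rules="$1"
    missing=0
    for want in "udp:500" "udp:4500" "esp:"; do
        proto=${want%%:*}
        port=${want#*:}
        if [ -n "$port" ]; then
            pattern="-i red0 .*-p $proto .*--dport $port .*-j ACCEPT"
        else
            pattern="-i red0 .*-p $proto .*-j ACCEPT"
        fi
        if ! printf '%s\n' "$rules" | grep -Eq -- "$pattern"; then
            echo "missing: ACCEPT for $proto ${port:+dport $port} on red0"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed samples (not captured from a real firewall):
# a complete rule set and one that only allows IKE, so NAT-T and ESP are missing.
SAMPLE_OK='-A INPUT -i red0 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i red0 -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -i red0 -p esp -j ACCEPT'
SAMPLE_BROKEN='-A INPUT -i red0 -p udp -m udp --dport 500 -j ACCEPT'

if check_ipsec_rules "$SAMPLE_BROKEN"; then
    echo "all IPsec rules present"
else
    echo "sample rule set is missing $? rule(s)"
fi
# On the firewall itself you would run:  check_ipsec_rules "$(iptables -S)"
```

On a live IPFire box the same function can be fed `iptables -S` directly; a missing rule is what the REJECT_INPUT log entries above would indicate.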