Page MenuHomeVyOS Platform

Allow VyOS Firewall to Match Outbound IPSec Traffic
Open, NormalPublicFEATURE REQUEST

Description

See https://forum.vyos.io/t/dmvpn-gre-routed-clear-text-when-ipsec-down/9190/24

Specifically, from here down

I would like to be able to block outbound unencrypted GRE and allow it through IPSec as shown in the linked comment.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Event Timeline

Do you have a proposed cli format?

@n.fort Maybe set firewall name <name> rule <rule> ipsec match-gre? This feels a bit hacky though... Almost like match should be its own block and contain ipsec, none, or gre

dmbaturin triaged this task as Normal priority.Jan 10 2024, 10:47 PM
dmbaturin added a project: VyOS 1.5 Circinus.