verdnatura/vn-ansible
verdnatura
/
vn-ansible
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

8748_VPN_Conntrack #81

Merged
xavi merged 4 commits from 8748_VPN_Conntrack into main 2025-04-02 13:19:02 +00:00
Conversation 0 Commits 4 Files Changed 7 +7
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 0e073c7ba1 - Show all commits

7
roles/ipsec/defaults/main.yml
View File

@ -24,6 +24,13 @@ mangle_block: |
-A PREROUTING -p tcp -m policy --dir in --pol ipsec -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
-A POSTROUTING -p tcp -m policy --dir out --pol ipsec -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "CT INVALID: "
COMMIT
config_and_logrotate:
- { src: vn.conf, dest: '/etc/strongswan.d/vn.conf' }
- { src: charon, dest: '/etc/logrotate.d/charon' }