Dreadbit

Comments

@Zyxel_Stanley thanks for your help, dropped you a private message.

in Several Site-to-site with Dynamic Peer IKE1 connection -- wrong Phase2 for Phase1 Comment by Dreadbit January 2021
@Zyxel_Stanley , thanks for reply.That did not help. I set a unique Local ID type on server/incoming side and also changed Peer ID to unique (and it matches with the caller).As before -- phase I is ok, and phase II is selected the wrong way.

in Several Site-to-site with Dynamic Peer IKE1 connection -- wrong Phase2 for Phase1 Comment by Dreadbit December 2020
Thanks. Very pity to hear that radius can be used for Authentification but not for Authorization...

in USG: IPSEC modeconfig and radius questons Comment by Dreadbit October 2020
Ok, that's my case: I have IPSEC tunnel with local side 10.0.Y.1/24 and remote side 10.0.X.1/24. Over this IPSEC tunnel I have 6in4 tunnel. If the IPSEC tunnel gots disconnected, 6in4 (locally generated) tries to send data to 10.0.X.1. And it leaks (my *unencrypted* 6in4 traffic) to default route to wan, because IPSEC is…

in Block traffic to WAN from Zywall itself Comment by Dreadbit June 2020
I do not need switch + port mirroring for that to see what's happening. Just traceroute to some locally unexisting RFC1918 net shows the traffic goes to defaultroute & wan.

in Block traffic to WAN from Zywall itself Comment by Dreadbit June 2020