Hi,
I am configuring strongswan ikev2 server on my router by following the wiki link below:
[OpenWrt Wiki] IPsec Modern IKEv2 Road-Warrior Configuration
According to the wiki I should put the following firewall rules:
config rule 'ipsec_esp'
option src 'wan'
option name 'IPSec ESP'
option proto 'esp'
option target 'ACCEPT'
config rule 'ipsec_ike'
option src 'wan'
option name 'IPSec IKE'
option proto 'udp'
option dest_port '500'
option target 'ACCEPT'
However, I already have the default rules created by openwrt itself:
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
I assume I should modify them as wiki said. I just do not know if it will affect something else by modifying the existing rules?
Thanks