How to silence ipsec server?

I'm new to IPsec. Using libreswan 3.25-9.1.el7_8 on CentOS 7.

I'm able to get a connection working and follow the documentation, but cannot find how to silence the pluto process so it doesn't respond to external scans. The symptom is:

Dec 08 23:41:43 me-beta-51 pluto[29699]: packet from x.x.x.x:500: initial parent SA message received on x.x.x.x:500 but no suitable connection found with IKEv2 policy
Dec 08 23:41:43 me-beta-51 pluto[29699]: packet from x.x.x.x:500: responding to SA_INIT message (ID 0) from x.x.x.x:500 with unencrypted notification NO_PROPOSAL_CHOSEN

I would like pluto to neither respond to the remote nor log these attempts (i.e., "failureshunt=drop" or such), but I don't have the experience to know how to set up a wildcard "suitable connection". The purpose is to harden the server against scans and DoS (the server's HD doesn't need to fill up with these messages).

Any insight would be appreciated!
