There comes a time in life when you enable a high-level protection in your firewall, but you somehow forget the basics, and that is where the problem lives.
These are some of the commands I use most, or Zimbra commands that were relevant to a very specific goal and that I had to document to avoid losing them :)
This is something that grinds my gears: limitations of the IPsec implementation, and the lack of how-tos about the specifics in the title of this post.
That situation led me to this “not so beautiful” solution, where I use client certificates to identify the peers.
Every time I’ve tried to create a site-to-site environment where the remote office had to forward everything to the main office (basically 0.0.0.0/0) before going to the internet, I had to deal with these issues:
And after some days of lab, here is my recipe: