cancel
Showing results for 
Search instead for 
Did you mean: 

PostgreSQL connection not getting established with IPSEC enabled

Journeyer

PostgreSQL connection not getting established with IPSEC enabled

I've been trying to establish IPSEC connection rule for my Windows 10 Enterprise 2016 LTSB and Windows Server 2016, both are Workgroup machines.
The authentication method that I'm trying to establish is "using NTLMv2". I have PostgreSQL 9.4.12 running on my server machine.But, the PostgreSQL connection is not getting established with rules given for the same.

I've added inbound rule in the server(Windows Server 2016)
Properties of the inbound rule are:
1) Rule type is Custom rule
2) Applies to all programs
3) Protocol Type is TCP and port(Local port) is 5432.
4) The IP addresses(local and remote) that the rule apply to are any IP addresses
5) Action is Allow the connection if it is secure with customize option as Require the connections to be encrypted.
6) Authorised users and Exceptions are not added.
7) Profile to which the rule is added in Private.

An outbound rule is added in client.
The properties of the rule are:
1) Rule type is Custom rule
2) Applies to all programs
3) Protocol Type is TCP and port(Remote port) is 5432.
4) The IP addresses(local and remote) that the rule apply to are any IP addresses
5) Action is Allow the connection if it is secure with customize option as Require the connections to be encrypted.
6) Authorised users and Exceptions are not added.
7) Profile to which the rule is added in Private.

A connection security rule is added with the properties:
1) Rule type is Isolation
2) Requiremennt of authentication is Request authentication for inbound and outbound connections.
3) Authentication method chosen is in Advanced -> Customize -> First Authentication -> Add -> NTLMv2
4) Profile where the rule is to be applied is Private

It is working fine, when the authentication rule is preshared key.
I've checked with Wireshark and found that all the communication between client and server were on protocol ISAKMP. 
Can somebody point out what I'm doing wrong over here? 

Tags (2)
1 REPLY
Highlighted
Moderator

Re: PostgreSQL connection not getting established with IPSEC enabled

Hi, I am not an expert on networking or windows adminitration, but can you try to approach the issue by dividing it into two separate arenas::

 

1. Is the request reaching Postgres? you can increase the logging to debug and see if it is getting recorded and if postgresql logs show any errors?

2. Increase logging at the OS level to see if it is getting rejected at the OS level itself due to rules and not reaching postgres at all.

 

If the issue falls in the first category, you can post the results back in this thread and maybe we can carry on from there, but if it is the later, then you will need to find an alternate platform to find the solution.