Possible attack

Hello!

Every day I have a killing ike in the log on my router from the 169.228.69.212 IP address and a research-scan@sysnet.ucsd.edu domain.
Basically it's a school in San Diego.

Has anyone encountered this problem?

What is the reported problem?

Hello,

I have the same problem from IP 169.228.66.212. Firewall error: identity not found for peer: RFC822: research-scan@sysnet.ucsd.edu.
It tries to connect on port 500. The problem is that I cannot block this IP in the firewall :(



05:16:09 ipsec,error identity not found for peer: RFC822: research-scan@sysnet.ucsd.edu

If you cannot block that port, then block the offending IP in Filter RAW without any logging.

Blocking through the filter raw works OK.
Thank you for the advice.

Information about this scan

Why not add that domain or IP to an address list and dump it at the top of the firewall?

Performance-wise it should either be done in raw (to skip connection tracking machinery for those packets) or right after the “accept established,related” rule(s) to skip evaluation of that rule for each and every packet passing the firewall.
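
The two placements discussed in the replies above, written out as a RouterOS configuration. This is an added example, not part of any poster's message; the list name `ike_scanners` and the comments are assumptions, and the two addresses are the ones reported in this thread.

```routeros
# Added example (not from the thread). List name "ike_scanners" is an assumption.
# Source addresses are the two reported by posters above.
/ip firewall address-list
add list=ike_scanners address=169.228.69.212 comment="research-scan IKE probe"
add list=ike_scanners address=169.228.66.212 comment="research-scan IKE probe"

# Option 1: drop in raw/prerouting. The packet is discarded before
# connection tracking, so no conntrack entry is created for it and the
# IPsec service never sees the IKE request. Logging is left off
# (log=no is the default), as suggested in the thread.
/ip firewall raw
add chain=prerouting src-address-list=ike_scanners action=drop \
    comment="drop listed scanners before conntrack"

# Option 2 (alternative, use instead of option 1): drop in filter/input.
# Add the rule, then move it so it sits directly after the
# "accept established,related" rule; packets of existing connections
# are then accepted first and never evaluated against this rule.
# /ip firewall filter
# add chain=input src-address-list=ike_scanners action=drop \
#     comment="drop listed scanners"

# Check that the raw rule is matching: the packet counter should rise
# and the "identity not found for peer" log entries should stop.
/ip firewall raw print stats where comment="drop listed scanners before conntrack"
```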