[Openswan Users] Setting the IKE UDP port

Marcus Better marcus+keyword+openswan.0a8cde at dactylis.com
Fri Jul 9 13:00:17 CEST 2004


Hi all,

I have a problem with a NAT router which requires me to change the IKE UDP
port from the default (500). I accomplished this on the initiating end for
the source port by putting plutoopts="--ikeport 5000" in ipsec.conf.  How
can I also set the destination port for this particular connection to
something different from the default?

The reason for this is as follows: I am behind a NAT router that I do not
control, and that has decided I am not allowed to have anything to do with
port 500. Even if I use a different source port, but the destination port
is 500, the router will translate the source port also to 500. I verified
this using tcpdump on the receiving end of the connection. As a result,
the return traffic is sent to the router's port 500 and apparently blocked
there.

So if I can also set a different destination port, the router should pass 
the traffic, and I should be able to use NAT-T to continue.

Marcus
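
The tcpdump check described above can also be done with a small UDP reflector, shown here as an added example that is not part of the original post. The reflector runs on a host outside the NAT and echoes back the source address it saw; the probe runs behind the NAT and compares that with the port it actually bound. All function names are hypothetical, and binding ports below 1024 (such as 500) needs root.

```python
import socket
import threading

def run_reflector(sock, count=1):
    """Outside the NAT: answer each datagram with the source addr we observed."""
    for _ in range(count):
        _, addr = sock.recvfrom(2048)
        sock.sendto(f"{addr[0]}:{addr[1]}".encode(), addr)

def probe(server, src_port=0, timeout=3.0):
    """Behind the NAT: send from src_port to server (host, port).

    Returns (local_port, observed_port). observed_port is None when no reply
    comes back, which matches the symptom in the post: the reply is sent to
    the translated port on the router and dropped there.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("", src_port))
        s.settimeout(timeout)
        local_port = s.getsockname()[1]
        s.sendto(b"probe", server)
        try:
            data, _ = s.recvfrom(2048)
        except OSError:  # timeout or ICMP port-unreachable
            return local_port, None
    return local_port, int(data.decode().rsplit(":", 1)[1])

def loopback_demo():
    """Constructed self-test: loopback has no NAT, so the ports must match."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    t = threading.Thread(target=run_reflector, args=(srv,), daemon=True)
    t.start()
    result = probe(srv.getsockname())
    t.join(1)
    srv.close()
    return result

if __name__ == "__main__":
    local, observed = loopback_demo()
    if observed is None:
        print(f"sent from {local}: no reply (return path blocked?)")
    elif observed != local:
        print(f"sent from {local}, peer saw {observed}: source port rewritten")
    else:
        print(f"sent from {local}, peer saw {observed}: port preserved")
```

Running the probe once per candidate destination port shows which ones the router passes with the source port intact.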

