natt 4500, was Re: [Openswan Users]

Paul Wouters paul at xtdnet.nl
Thu Feb 3 02:11:21 CET 2005


On Tue, 1 Feb 2005 lidongli at ensemble.com.cn wrote:

> what's more about access control, for roadworrior, on the Cisco router,
> there is no restriction for internal clients; on the Linux box, UDP 500,
> ESP(50), AH(51) had been allowed from and to the internet, accepted by
> output, input, and forward chain in iptables.

add UDP 4500 for IPsec NAT-T support.

> Feb  1 01:36:26 localhost pluto[319]: ERROR: "roadworrior-net"[2]
> 219.239.37.131:58868 #3: sendto on eth0 to 219.239.37.131:58868 failed in
> quick_outI1. Errno 1: Operation not permitted

I guess this is from UDP 4500 to UDP port 58868 at the NAT router in front of
the XP machine.

Allowing 4500 should fix this.

Paul
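An added example, not part of the original thread and not Openswan's own code, showing the iptables rules Paul's advice amounts to and a check for the rule the poster's firewall was missing. It assumes the gateway's public interface is passed as an argument (the "eth0" in the usage calls is a hypothetical value), that the gateway itself is not behind NAT, and that the iptables-save dump it inspects is the constructed sample embedded below. The point it makes explicit: only the gateway's own port is pinned to 4500, because a road warrior behind NAT shows up from a rewritten source port (58868 in the log quoted above), so an OUTPUT rule that also demands --dport 4500 would make pluto's sendto() fail with EPERM ("Operation not permitted"), which is what a DROP or REJECT in the OUTPUT chain produces for locally generated UDP.

```shell
#!/bin/sh
# Added example, not from the original thread or from Openswan.
# Generates the iptables rules an Openswan gateway needs for IKE (UDP 500),
# IKE NAT-Traversal (UDP 4500), ESP (proto 50) and AH (proto 51), and checks
# an iptables-save dump for the NAT-T rules.
# Assumption: the public interface name is passed as $1 ("eth0" below is a
# hypothetical value); the gateway itself is not behind NAT.

# Print the rules to add. Only the local port is pinned: the NAT'd peer's
# port is rewritten (58868 in the quoted log), so neither the INPUT --sport
# nor the OUTPUT --dport is matched.
ipsec_rules() {
    ifc="$1"
    cat <<EOF
iptables -A INPUT  -i $ifc -p udp --dport 500  -j ACCEPT
iptables -A OUTPUT -o $ifc -p udp --sport 500  -j ACCEPT
iptables -A INPUT  -i $ifc -p udp --dport 4500 -j ACCEPT
iptables -A OUTPUT -o $ifc -p udp --sport 4500 -j ACCEPT
iptables -A INPUT  -i $ifc -p esp -j ACCEPT
iptables -A OUTPUT -o $ifc -p esp -j ACCEPT
iptables -A INPUT  -i $ifc -p ah  -j ACCEPT
iptables -A OUTPUT -o $ifc -p ah  -j ACCEPT
EOF
}

# Read an iptables-save dump on stdin; succeed only if an INPUT rule accepts
# UDP to port 4500 and an OUTPUT rule accepts UDP from port 4500.
check_nat_t() {
    dump=$(cat)
    printf '%s\n' "$dump" | grep -Eq '^-A INPUT .*-p udp .*--dport 4500 .*-j ACCEPT' || return 1
    printf '%s\n' "$dump" | grep -Eq '^-A OUTPUT .*-p udp .*--sport 4500 .*-j ACCEPT' || return 1
    return 0
}

# Insert the two NAT-T rules for interface $1 into a dump read on stdin,
# just before COMMIT, so the result is still a valid iptables-restore input.
with_nat_t() {
    awk -v ifc="$1" '
        /^COMMIT$/ {
            print "-A INPUT -i " ifc " -p udp -m udp --dport 4500 -j ACCEPT"
            print "-A OUTPUT -o " ifc " -p udp -m udp --sport 4500 -j ACCEPT"
        }
        { print }'
}

# Constructed sample dump resembling the poster's firewall: UDP 500, ESP and
# AH are open, UDP 4500 is not.
SAMPLE_BEFORE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth0 -p udp -m udp --dport 500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 500 -j ACCEPT
-A INPUT -i eth0 -p esp -j ACCEPT
-A OUTPUT -o eth0 -p esp -j ACCEPT
-A INPUT -i eth0 -p ah -j ACCEPT
-A OUTPUT -o eth0 -p ah -j ACCEPT
COMMIT'

# Usage: print the rules to add, then check the sample before and after.
ipsec_rules eth0
if printf '%s\n' "$SAMPLE_BEFORE" | check_nat_t; then
    echo "before: NAT-T allowed"
else
    echo "before: UDP 4500 missing, expect 'sendto ... Operation not permitted'"
fi
if printf '%s\n' "$SAMPLE_BEFORE" | with_nat_t eth0 | check_nat_t; then
    echo "after: NAT-T allowed"
fi
```

The check is deliberately asymmetric (--dport on INPUT, --sport on OUTPUT) for the same reason the generated rules are: once the road warrior's packets have crossed its NAT router, 4500 is only ever the gateway's side of the conversation. If the poster's firewall also uses connection tracking, a single `-m state --state ESTABLISHED,RELATED` rule covers the reply direction, but the explicit rules above work without it.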

