natt 4500, was Re: [Openswan Users]
paul at xtdnet.nl
Thu Feb 3 02:11:21 CET 2005
On Tue, 1 Feb 2005 lidongli at ensemble.com.cn wrote:
> What's more about access control: for the roadwarrior, on the Cisco router,
> there is no restriction for internal clients; on the Linux box, UDP 500,
> ESP (50), AH (51) had been allowed from and to the internet, accepted by
> the output, input, and forward chains in iptables.
Add UDP 4500 for IPsec NAT-T support.
> Feb 1 01:36:26 localhost pluto: ERROR: "roadworrior-net"
> 22.214.171.124:58868 #3: sendto on eth0 to 126.96.36.199:58868 failed in
> quick_outI1. Errno 1: Operation not permitted
I guess this is from UDP 4500 to UDP port 58868 at the NAT router in front of
the XP machine.
Allowing 4500 should fix this.
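
The check implied by the reply above, as an added example that is not part of the original message or of Openswan: a shell function that reads `iptables-save` text and reports which UDP rules IKE and NAT-T need are missing. The function names, the assumption that rules are written as explicit single-port `-p udp` ACCEPT rules, and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit iptables-save text for the UDP rules IKE and NAT-T need.
# Only explicit single-port "-p udp ... -j ACCEPT" rules are recognized.

# has_accept CHAIN FLAG PORT: reads iptables-save text on stdin; succeeds if
# CHAIN has a UDP ACCEPT rule matching "FLAG PORT" (e.g. --sport 4500).
has_accept() {
    awk -v chain="$1" -v flag="$2" -v port="$3" '
        $1 == "-A" && $2 == chain {
            udp = 0; pm = 0; acc = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i+1) == "udp") udp = 1
                if ($i == flag && $(i+1) == port) pm = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") acc = 1
            }
            if (udp && pm && acc) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# audit_natt: reads iptables-save text on stdin, prints one line per missing
# rule and returns the number of missing rules (0 means all four are present).
audit_natt() {
    rules=$(cat)
    missing=0
    for port in 500 4500; do
        # Requests arrive at our port (--dport); replies leave from it
        # (--sport) toward whatever port the peer's NAT router chose.
        printf '%s\n' "$rules" | has_accept INPUT --dport "$port" ||
            { echo "missing: INPUT udp --dport $port"; missing=$((missing + 1)); }
        printf '%s\n' "$rules" | has_accept OUTPUT --sport "$port" ||
            { echo "missing: OUTPUT udp --sport $port"; missing=$((missing + 1)); }
    done
    return "$missing"
}

# Constructed sample: UDP 500, ESP and AH allowed as in the post, 4500 absent.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A OUTPUT -p udp -m udp --sport 500 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p ah -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | audit_natt || true
```

On a live gateway the same function can be fed from `iptables-save` run as root. A rule that accepts everything on a chain, or one written with a multiport match, is not recognized and will be reported as missing.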