natt 4500, was Re: [Openswan Users]

Paul Wouters paul at
Thu Feb 3 02:11:21 CET 2005

On Tue, 1 Feb 2005 lidongli at wrote:

> What's more about access control, for roadworrior, on the Cisco router,
> there is no restriction for internal clients; on the Linux box, UDP 500,
> ESP(50), AH(51) had been allowed from and to the internet, accepted by
> output, input, and forward chain in iptables.

Add UDP 4500 for IPsec NAT-T support.

> Feb  1 01:36:26 localhost pluto[319]: ERROR: "roadworrior-net"[2]
> #3: sendto on eth0 to failed in
> quick_outI1. Errno 1: Operation not permitted

I guess this is from udp 4500 to udp port 58868 at the NAT router in front of
the XP machine.

Allowing 4500 should fix this.
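
Added example, not part of the original message or of Openswan: a check over iptables-save output that reports which of the allowances discussed above (UDP 500, UDP 4500, ESP, AH) have no ACCEPT rule in the INPUT or OUTPUT chain. The sample ruleset and the function name missing_ipsec_rules are constructed for illustration, and the check assumes a default-DROP policy.

```shell
# Constructed sample: iptables-save output from a gateway that allows
# IKE (UDP 500), ESP and AH but not NAT-T (UDP 4500).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A OUTPUT -p udp -m udp --dport 500 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p ah -j ACCEPT
COMMIT'

# Print one "CHAIN what" line for every IPsec allowance that has no
# ACCEPT rule in INPUT or OUTPUT. Reads iptables-save text on stdin.
# Simplification (assumption): default-DROP policy; rule order,
# multiport matches and user-defined chains are not evaluated.
missing_ipsec_rules() {
    awk '
    $1 == "-A" && /-j ACCEPT/ {
        chain = $2
        if (/-p udp/ && /--[sd]port 500( |$)/)  seen[chain, "udp/500"] = 1
        if (/-p udp/ && /--[sd]port 4500( |$)/) seen[chain, "udp/4500"] = 1
        if (/-p (esp|50)( |$)/)                 seen[chain, "esp"] = 1
        if (/-p (ah|51)( |$)/)                  seen[chain, "ah"] = 1
    }
    END {
        split("INPUT OUTPUT", chains, " ")
        split("udp/500 udp/4500 esp ah", needs, " ")
        for (c = 1; c <= 2; c++)
            for (n = 1; n <= 4; n++)
                if (!((chains[c], needs[n]) in seen))
                    print chains[c], needs[n]
    }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | missing_ipsec_rules
```

On a live gateway the same function can be fed with `iptables-save | missing_ipsec_rules`; an empty result means all four allowances have an ACCEPT rule in both chains.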

