[Openswan Users] firewall and certificates
Norman Rasmussen
normanr at gmail.com
Mon Jul 25 11:25:59 CEST 2005
You should NEVER forward port 1701! The whole idea is that you're
forcing the l2tp traffic to go via ipsec. If you forward 1701, you
practically remove the ipsec protection.
On 24/07/05, Paul Wouters <paul at xelerance.com> wrote:
> On Sun, 24 Jul 2005, Rob Mokkink wrote:
>
> > The vpn server is behind a shorewall firewall, the following ports are
> > dnatted udp ports: 1701, 500 , 50 , 4500
>
> 50 is PROTOcol 50, not PORT 50
> And for l2tp (ipsec in transport mode) it is 51.
>
> Paul
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
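
Added example, not part of the original thread: a small Python audit that flags the two mistakes raised above, a DNAT of udp/1701 and "50" entered as a UDP port. It assumes Shorewall-style rules in the column order ACTION SOURCE DEST PROTO DPORT with numeric ports; the sample rules, zone names and the 192.0.2.10 address are constructed placeholders.

```python
"""Audit Shorewall-style DNAT rules for the two mistakes raised in this thread."""

# Constructed sample. Assumed column order: ACTION SOURCE DEST PROTO DPORT.
# The zone names and the 192.0.2.10 address are placeholders.
SAMPLE_RULES = """\
DNAT  net  loc:192.0.2.10  udp  1701
DNAT  net  loc:192.0.2.10  udp  500
DNAT  net  loc:192.0.2.10  udp  50
DNAT  net  loc:192.0.2.10  udp  4500
"""

L2TP_PORT = 1701   # must only be reachable through IPsec, never forwarded
ESP_PROTO = 50     # an IP protocol number, so "udp 50" forwards nothing useful


def covers(dports, port):
    """True if a DPORT field (comma list, lo:hi ranges, numeric only) includes port."""
    for item in dports.split(","):
        lo, _, hi = item.partition(":")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
            return True
    return False


def audit_rules(text):
    """Return (line_number, finding, explanation) tuples for risky UDP DNAT rules."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(cols) < 5 or not cols[0].upper().startswith("DNAT"):
            continue
        if cols[3].lower() != "udp":
            continue
        if covers(cols[4], L2TP_PORT):
            findings.append((lineno, "l2tp-exposed",
                             "udp/1701 is forwarded, so L2TP is reachable without IPsec"))
        if covers(cols[4], ESP_PROTO):
            findings.append((lineno, "proto-as-port",
                             "50 is an IP protocol number, not a UDP port"))
    return findings


if __name__ == "__main__":
    for lineno, finding, why in audit_rules(SAMPLE_RULES):
        print(f"line {lineno}: {finding}: {why}")
```
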