[Openswan Users] It doesn't work

Turbo Fredriksson turbo at bayour.com
Wed Nov 1 16:10:37 EST 2006

>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:

    Paul> You should NOT allow unencrypted port 1701 udp. You should
    Paul> allow protocol 50 (not port 50) as specified with -p 50 (or
    Paul> -p esp).

Oh... PROTOCOL 50... Oops.

Protocol 50 on ANY port, or just port 500 and 4500?

CLOSING 1701 is done now though.

    Paul> The tunnel, which is established over IKE, works, but I think
    Paul> you do not allow the ESP packets through, so after a minute
    Paul> of failing, the Windows client hangs up.

I see. I'll have a look at how to modify my firewall to allow that.
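
Added example, not part of the original message or of Openswan: a shell function that audits `iptables-save` text for the two problems discussed in this thread, ESP (IP protocol 50, which has no ports) not being accepted and L2TP on udp/1701 being accepted in the clear. Both rulesets are constructed, and admitting udp/1701 only through the `policy` match is an assumption about the intended fix.

```shell
# Audit iptables-save text on stdin. Only "-A INPUT ... -j ACCEPT" rules are
# examined; chain policies and jumps to user chains are ignored.
# Prints one finding per line and returns 1 if there is any finding.
audit_ipsec_fw() {
    awk '
    /^-A INPUT / && / -j ACCEPT/ {
        udp = ($0 ~ / -p (udp|17) /)
        # ESP is an IP protocol (number 50), so it is matched with -p, never --dport.
        if ($0 ~ / -p (esp|50) /) esp = 1
        if (udp && $0 ~ / --dport 500 /) ike = 1
        # L2TP must only be reachable for packets that arrived through IPsec.
        if (udp && $0 ~ / --dport 1701 / && $0 !~ / --pol ipsec /) clear = 1
    }
    END {
        if (!ike)  print "MISSING: udp/500 (IKE) is not accepted"
        if (!esp)  print "MISSING: IP protocol 50 (ESP) is not accepted"
        if (clear) print "EXPOSED: udp/1701 (L2TP) accepted without IPsec policy match"
        exit (!ike || !esp || clear)
    }'
}

# Constructed ruleset: port 50 opened instead of protocol 50, 1701 open in the clear.
BEFORE='-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 50 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT'

# Constructed ruleset: ESP accepted by protocol, 1701 only after IPsec decryption.
AFTER='-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT'

printf '%s\n' "$BEFORE" | audit_ipsec_fw || true
printf '%s\n' "$AFTER" | audit_ipsec_fw && echo "AFTER: no findings"
```

On a live gateway the input would be `iptables-save -t filter`; rules written with `multiport` or port ranges are outside what the patterns match.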
