[Openswan Users] It doesn't work
Stefan Denker
Stefan at dn-kr.de
Thu Nov 2 04:03:34 EST 2006
On Wed, Nov 01, 2006 at 10:10:37PM +0100, Turbo Fredriksson wrote:
> >>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
> Paul> You should NOT allow unencrypted port 1701 udp. You should
> Paul> allow protocol 50 (not port 50) as specified with -p 50 (or
> Paul> -p esp).
> Oh... PROTOCOL 50... Oups.
> Protocol 50 on ANY port, or just port 500 and 4500?
There are no "ports" defined in protocol 50, so it's just
"iptables -I INPUT -p esp -j ACCEPT". Same for output and you're done!
:)
Stefan
--
Human kind cannot bear very much reality - or too much truth either.
[Penelope Lively]
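An added example, not part of the original message: a ruleset for the setup discussed in this thread (IKE on udp/500 and udp/4500, ESP as IP protocol 50, L2TP on udp/1701 only when it arrived through IPsec), plus a small lint that flags the two mistakes raised above. The function names and the `eth0` default are assumptions; the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example. Function names and the eth0 default are assumptions.

# Print INPUT rules for an L2TP/IPsec gateway (mirror them for OUTPUT).
ipsec_l2tp_rules() {
    wan_if="${1:-eth0}"   # assumed public interface
    cat <<EOF
iptables -A INPUT -i $wan_if -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $wan_if -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -i $wan_if -p esp -j ACCEPT
iptables -A INPUT -i $wan_if -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
iptables -A INPUT -i $wan_if -p udp --dport 1701 -j DROP
EOF
}

# Read rule lines on stdin, print findings, return non-zero if any.
lint_ipsec_rules() {
    awk '
    / -j ACCEPT/ {
        proto = ""; port = ""; pol = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            if ($i == "--dport" || $i == "--sport") port = $(i + 1)
            if ($i == "--pol" && $(i + 1) == "ipsec") pol = 1
        }
        if ((proto == "esp" || proto == "50") && port != "") {
            print "line " NR ": ESP (protocol 50) has no ports; remove the port match"; bad = 1
        }
        if ((proto == "udp" || proto == "tcp") && port == "50") {
            print "line " NR ": port 50 opened; ESP is IP protocol 50, use -p esp"; bad = 1
        }
        if (proto == "udp" && port == "1701" && !pol) {
            print "line " NR ": udp/1701 accepted without -m policy --pol ipsec"; bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Self-check: the generated ruleset passes the lint.
ipsec_l2tp_rules eth0 | lint_ipsec_rules && echo "ruleset OK"
```

To check a live host, feed `iptables-save` output to `lint_ipsec_rules`; it only inspects `-j ACCEPT` lines.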