[Openswan Users] It doesn't work

Stefan Denker Stefan at dn-kr.de
Thu Nov 2 04:03:34 EST 2006

On Wed, Nov 01, 2006 at 10:10:37PM +0100, Turbo Fredriksson wrote:
>>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
>     Paul> You should NOT allow unencrypted port 1701 udp. You should
>     Paul> allow protocol 50 (not port 50) as specified with -p 50 (or
>     Paul> -p esp).
> Oh... PROTOCOL 50... Oups.
> Protocol 50 on ANY port, or just port 500 and 4500?

There are no "ports" defined in protocol 50, so it's just
"iptables -I INPUT -p esp -j ACCEPT". Same for output and you're done!


Human kind cannot bear very much reality - or too much truth either.
[Penelope Lively]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20061102/0e3e7dcd/attachment.bin 

More information about the Users mailing list