[Openswan Users] Forcing port 4500

Swartz, Patrick H Patrick.Swartz at firstdata.com
Sat Feb 12 11:46:25 EST 2011


  

Hi All,

 

I am trying to get several host-host tunnels configured and have
successfully created the tunnels as long as the servers were in the same
subnet. But when I try to cross through to a different subnet within our
company I can't make a connection. Phase 1 never successfully
negotiates.

After much trial-and-error, I think I have found the culprit - we have
firewalls that are blocking port 500.  However, port 4500 is open. So my
question is - Can I force openswan to use port 4500 for everything?

I have set "forceencaps=yes" in the conn section of the
openswan.conf file and "nat_traversal=yes" even though I'm not using
NAT'ing just yet.

 

However, after watching the /var/log/secure it looks like packets are
still being sent out on port 500.

 

Feb 12 00:17:12 r9tvmp502 pluto[19779]: | handling event EVENT_RETRANSMIT for <invalid> "r9tvmp502-jerry" #1
Feb 12 00:17:12 r9tvmp502 pluto[19779]: | sending 592 bytes for EVENT_RETRANSMIT through eth0:500 to 167.16.139.24:500 (using #1)
Feb 12 00:17:12 r9tvmp502 pluto[19779]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #1

 

I'm using RHEL5.3 and
"Linux Openswan U2.6.21/K2.6.18-128.el5 (netkey)" on one side and
"Linux Openswan U2.6.14/K2.6.18-128.el5 (netkey)" on the other side.

 

Please, any help would be very much appreciated !! 

 

Patrick Swartz
UNIX Planning & Engineering (DSUSSE)

First Data 
402-777-7337 desk

402-201-1192 Company cell
402-871-8981 Personal cell

 



