[Openswan Users] Forcing port 4500

Paul Wouters paul at xelerance.com
Sat Feb 12 13:10:16 EST 2011

On Sat, 12 Feb 2011, Swartz, Patrick H wrote:

> After much trial-and-error, I think I have found the culprit – we have firewalls that are blocking port 500.  However, port 4500 is open.
> So my questions is – Can I force openswan to use port 4500 for everything?
> I have set  --“ forceencaps=yes ” – in the conn section of the openswan.conf file and “ nat_traversal=yes ” even though I’m not using
> NAT’ing just yet.
> However, after watching the /var/log/secure it looks like packets are still being sent out on port 500.

The first packet still goes out over port 500.

You can try adding this to config setup in ipsec.conf:

 	plutoopts="--ikeport 4500"

You might need to pick something other then 4500 to not interfere with the "jumping to 4500" though.

Let us know how this goes,


More information about the Users mailing list