[Openswan Users] NAT & noNAT
Paul Wouters
paul at xelerance.com
Wed Sep 21 15:48:41 EDT 2011
On Wed, 21 Sep 2011, Pete Ashdown wrote:
>> Do you have rightprotoport=17/%any ?
>
> I have what the example has:
>
> # Using the magic port of "0" means "any one single port". This is
> # a work around required for Apple OSX clients that use a randomly
> # high port, but propose "0" instead of their port.
> rightprotoport=17/0
that's not in my example.....
>> Is this a recent openswan?
> 2.6.35
Your example is not:
[paul at bofh openswan.git]$ git blame programs/examples/l2tp-psk.conf.in |grep rightprotoport
b646bfd9 (Tuomo Soini 2011-03-10 17:48:40 +0200 45) rightprotoport=17/%any
git show tells us:
@@ -30,11 +35,10 @@ conn l2tp-X.509
right=%any
rightca=%same
rightrsasigkey=%cert
- # Using the magic port of "0" means "any one single port". This is
+ # Using the magic port of "%any" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
- # high port, but propose "0" instead of their port. If that does
- # not work, try 17/%any
- rightprotoport=17/0
+ # high port.
+ rightprotoport=17/%any
rightsubnet=vhost:%priv,%no
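Review bot: the first added comment line still says the magic port means "any one single port", which is the wording the removed lines used for "0". Those removed lines also offered 17/%any as a separate fallback ("If that does not work, try 17/%any"), so the two values were not being treated as equivalent. Reword the comment to say what 17/%any actually matches. Since this conn has right=%any, also state whether a selector that accepts more than one UDP port is intended for every peer, or only for the Apple OSX clients the comment names.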
Paul