[Openswan Users] Shouldn't this be NATed?

[Paul Wouters]

On Sun, 25 Sep 2011, James Nelson wrote:

> My netstat isn't showing anything from 500 or 4500- should it?

On UDP yes, not on TCP.

> ACCEPT     udp  --  anywhere             anywhere            udp spt:4500
> dpt:4500

This does not cover the fact that the client might be behind NAT, so the
port moves from 4500 to whatever the NAT router picks. You need to allow
4500 <-> randomg high ports

Paul