[Openswan Users] Asynchronous network error w/ Android 2.3 and NAT on both sides

Paul Wouters paul at nohats.ca
Wed Feb 22 09:45:10 EST 2012


On Wed, 22 Feb 2012, Corrado Primier wrote:

> I suspected this one too, but I found 500/tcp in /etc/services in all
> the distros I use, so I thought I'd ask.

I have never heard of or seen IKE on tcp 500. But you are right in that my
/etc/services lists that too.

>> It's an arms race. If people block port 500/4500 because they don't
>> want vpn, and tcp 10000 works, then if too many do that they will
>> block that port. Then we have to move again, until we have turned
>> into skype.
>
> So basically I am (we are) screwed :) I'll have a fun time trying to
> explain this to the client. Thanks for all your help.

It's an issue that keeps coming back. The network admin vs the end user.
When is the admin right to block VPNs, and when is the user right to
override the admin? When I'm on a local bank network, it seems proper to
block my VPN. But when a country-wide blocking of VPN is taking place,
how legit do I find that (and how do actual local laws interpret any
circumvention of such a block)?

Paul

