[strongSwan-dev] Setting src port for ipsec
Andreas Steffen
andreas.steffen at strongswan.org
Tue Dec 14 05:58:23 CET 2010
Hello John,

iptables rules for UDP ports 500 and 4500 as well as ESP protocol 50
are not set by strongSwan but must be configured externally.

strongSwan's _updown script just inserts and deletes INPUT, OUTPUT
and FORWARD IPsec policy rules to allow plaintext traffic that is
being tunneled.

http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/_updown/_updown.in;h=2c742c0103f9309fbbb1674d20fc3cebc10f383b;hb=HEAD

Regards

Andreas

On 12/14/2010 01:12 AM, John Parker wrote:
> Hi folks
>
> can you point me to where in StrongSwan the iptables rules are set, in
> particular the rule which limits the src port to 500.
>
> I've pored over the source with grep etc and got nowhere.
>
> Many thanks
>
> John
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
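
The split described in the reply above, as an added example that is not part of the original message and not strongSwan's own code: one function emits the externally configured IKE/NAT-T/ESP rules, the other emits FORWARD policy-match rules of the kind an updown hook inserts and deletes. The interface name, the two subnets and the function names are constructed for illustration, and the sketch is narrowed to a net-to-net FORWARD case.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, it does not execute them.
# WAN_IF, LOCAL_NET and REMOTE_NET are constructed sample values (assumptions).
WAN_IF="${WAN_IF:-eth0}"
LOCAL_NET="${LOCAL_NET:-10.1.0.0/16}"
REMOTE_NET="${REMOTE_NET:-10.2.0.0/16}"

# Rules the administrator configures outside strongSwan:
# IKE (UDP 500), NAT traversal (UDP 4500) and ESP (IP protocol 50).
# Inbound rules match the local destination port only; a peer behind NAT
# can arrive from a translated source port, so the remote port is not pinned.
ike_esp_rules() {
    for port in 500 4500; do
        echo "iptables -A INPUT -i $WAN_IF -p udp --dport $port -j ACCEPT"
        echo "iptables -A OUTPUT -o $WAN_IF -p udp --sport $port -j ACCEPT"
    done
    echo "iptables -A INPUT -i $WAN_IF -p 50 -j ACCEPT"
    echo "iptables -A OUTPUT -o $WAN_IF -p 50 -j ACCEPT"
}

# Policy-match rules for the tunneled plaintext traffic.
# $1 is I (insert when the tunnel comes up) or D (delete when it goes down).
# "-m policy --pol ipsec" accepts only packets that were, or will be,
# processed by an IPsec policy, so cleartext between the subnets that
# bypasses the tunnel does not match.
tunnel_policy_rules() {
    op="$1"
    case "$op" in
        I|D) ;;
        *) echo "usage: tunnel_policy_rules I|D" >&2; return 2 ;;
    esac
    echo "iptables -$op FORWARD -i $WAN_IF -s $REMOTE_NET -d $LOCAL_NET -m policy --pol ipsec --dir in -j ACCEPT"
    echo "iptables -$op FORWARD -o $WAN_IF -s $LOCAL_NET -d $REMOTE_NET -m policy --pol ipsec --dir out -j ACCEPT"
}

# Show both rule sets: the static ones, then the per-tunnel ones on "up".
ike_esp_rules
tunnel_policy_rules I
```

Calling `tunnel_policy_rules D` prints the matching delete commands, which is the symmetry that keeps stale ACCEPT rules from outliving the tunnel.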