[strongSwan] ike_sa_init on port 4500
Martin Willi
martin at strongswan.org
Thu Feb 24 09:26:46 CET 2011
Hi,
> Is it possible to make strongswan send message 1 ike_sa_init on port
> 4500 instead of 500 ?
Yes, starting with 4.4.0, charon supports the left-/rightikeport
ipsec.conf options. Setting rightikeport=4500 initiates directly to port
4500.
> it does need the 4 zeros at the beginning to tell it's not an esp
To add the non-esp marker, use a local port different from 500 by
setting leftikeport=4500, too.
The default socket listens on ports 500 and 4500 only, so any different
leftikeport won't work. There is a special initiator-only socket
implementation called socket-dynamic, binding the sockets on demand. But
it shouldn't be required if you stick to port 4500.
Regards
Martin
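
The following sketch is an added example, not part of the original message and not strongSwan code. It shows why the four zero bytes matter on port 4500: a receiver applying RFC 3948 demultiplexing reads an unmarked IKE message as ESP. The function names and the header-only sample message are constructed for illustration, and frame_ike() models the behaviour described in the reply (marker added when the local port is not 500).

```python
import struct

NON_ESP_MARKER = b"\x00" * 4            # RFC 3948: four zero bytes before IKE on port 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")  # RFC 7296 fixed IKE header (28 bytes)
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def frame_ike(ike_msg: bytes, local_port: int) -> bytes:
    """Sender side, as the reply describes: marker is added when the local port is not 500."""
    return ike_msg if local_port == 500 else NON_ESP_MARKER + ike_msg

def classify_4500(payload: bytes) -> dict:
    """Receiver side: demultiplex one UDP payload that arrived on port 4500."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "invalid", "reason": "too short"}
    if payload[:4] != NON_ESP_MARKER:
        # No marker: the first four bytes are taken as an ESP SPI.
        return {"kind": "esp", "spi": struct.unpack("!I", payload[:4])[0]}
    ike = payload[4:]
    if len(ike) < IKE_HDR.size:
        return {"kind": "invalid", "reason": "truncated IKE header"}
    ispi, rspi, _next, version, xchg, flags, msg_id, length = IKE_HDR.unpack_from(ike)
    if length != len(ike):
        return {"kind": "invalid", "reason": "IKE length field mismatch"}
    return {"kind": "ike", "exchange": EXCHANGES.get(xchg, xchg), "major": version >> 4,
            "initiator": bool(flags & 0x08), "message_id": msg_id, "initiator_spi": ispi.hex()}

def sample_ike_sa_init() -> bytes:
    """Constructed header-only message 1 (a real one carries SA, KE and nonce payloads)."""
    return IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 33, 0x20, 34, 0x08, 0, IKE_HDR.size)

if __name__ == "__main__":
    msg = sample_ike_sa_init()
    print(classify_4500(frame_ike(msg, 4500)))  # marker present: parsed as IKE
    print(classify_4500(frame_ike(msg, 500)))   # no marker: misread as ESP
```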