[strongSwan] ike_sa_init on port 4500

Yaron Sheffer yaronf.ietf at gmail.com
Thu Feb 24 22:27:45 CET 2011

Hi tsaitgaist,

just a quick educational rant, please don't take it personally:

You are referring to a 5-year-old Internet draft, version -02 of 
draft-eronen-.... Internet drafts are, as the name implies, temporary. 
They expire after 6 months and normally should not be cited as 
references. If you look at the top of the document you cite, you can see 
it was eventually replaced by a (permanent) RFC, 
http://tools.ietf.org/html/rfc4718. If you follow that link, you will 
see that RFC 4718 was recently obsoleted by 
http://tools.ietf.org/html/rfc5996. RFC 5996 is the authoritative text 
on IKEv2 right now.


> Message: 5
> Date: Wed, 23 Feb 2011 23:06:38 +0100
> From: tsaitgaist<ml at mail.tsaitgaist.info>
> Subject: [strongSwan] ike_sa_init on port 4500
> To: users at lists.strongswan.org
> Message-ID:<4D6584EE.8050804 at mail.tsaitgaist.info>
> Content-Type: text/plain; charset="iso-8859-1"
> Hi,
> I try to configure an IPsec client using strongswan.
> I don't know the IPsec server, but I know the connection details.
> But the server only listens to port 4500.
> Normally strongswan sends the ike_sa_init on port 500 and then switches
> to port 4500.
> Is it possible to make strongswan send message 1 ike_sa_init on port
> 4500 instead of 500?
> I couldn't make it work using /rightprotoport, /nat_traversal, mobike or
> keyexchange.
> It does not even need to add the additional zeros as described in
> http://tools.ietf.org/html/draft-eronen-ipsec-ikev2-clarifications-02#section-6.7
> thanks,
> tsaitgaist
