[strongSwan] IPSec tunnel for port based TS not working

Deepika Agarwal deepi7.agarwal at gmail.com
Thu May 31 18:32:00 CEST 2012

Hello All,

I'm trying to create an IPSec tunnel if the traffic is destined for a
particular protocol/port combination towards the server (in my case,
it is 6/22 where 6 corresponds to tcp and 22 corresponds to the
default port for SSH). I'm using the rightprotoport = 6/22 combination
on the client side.
Once the tunnel is established, the SSH packet is getting encrypted and
is working fine. But if I try to reach the server via any other proto
like ICMP (ping), I'm not getting the reply on the client side. Ideally
it should be a clear text packet reply from the server. Please suggest if
any other configuration is required on the client/server side apart
from 'rightprotoport' as well.


P.S: My IPSec client is behind a router and NAT-T is being used for
creating a tunnel to the server.

If you think you can or if you think you can't, you are right.
-Henry Ford
