[strongSwan] left|rightikeport obsolete?
Tobias Brunner
tobias at strongswan.org
Mon Jul 23 15:59:54 CEST 2018
Hi Harald,
> This sounds pretty vague. I would like to tell strongswan to use 443/udp
> for NAT traversal and dead peer detection, and to use port 500/udp for
> isakmp as usual. AFAICT this can be done with charon.port and charon.\
> port_nat_t, so I wonder what is left|rightikeport good for?
`leftikeport` only fully works in combination with the socket-dynamic
plugin, which allows using an arbitrary configured source port (as long
as you only configure one of the two ports that the socket-default
plugin opened, it also works with that). `rightikeport` is used to
connect to a specific destination port (must be the NAT-T port of the
server). The two settings in strongswan.conf specify the ports bound by
the socket-default plugin (may be set to 0 to use random ports, which is
useful on clients). Regarding the use of custom server ports, see [1].
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/NatTraversal#Custom-Server-Ports
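Added example, not part of the message above and not taken from the strongSwan project: the setup from the quoted question (IKE on 500/udp, NAT-T on 443/udp) written out with the settings the reply describes. The host name vpn.example.org and the conn name custom-port are constructed placeholders.

```conf
# ---- server: strongswan.conf ----
# Ports bound by the socket-default plugin on the gateway.
charon {
    port = 500          # regular IKE port
    port_nat_t = 443    # NAT-T port, moved from the default 4500
}

# ---- client: strongswan.conf ----
# 0 lets socket-default bind random source ports on the client.
charon {
    port = 0
    port_nat_t = 0
}

# ---- client: ipsec.conf ----
conn custom-port
    right=vpn.example.org   # placeholder gateway address
    rightikeport=443        # must be the server's NAT-T port (port_nat_t above)
    # leftikeport is left unset: a fixed source port only fully works
    # with the socket-dynamic plugin.
    # Authentication and traffic selector options stay as in the existing conn.
    auto=add
```

On the network side, 443/udp (not only 500/udp and 4500/udp) has to be permitted to the gateway for this to work, and any filter or IDS rule keyed on the default NAT-T port has to be updated to match.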