[strongSwan] ESP-encap port different than 4500

Michael Schwartzkopff ms at sys4.de
Fri Jan 8 15:09:29 CET 2021


I have two different VPN servers behind ONE NAT address. Yes, I know it
is nonsense, but it is the situation given here.

One runs with 500/4500. Everything is fine. I configured the firewall to
forward packets on these ports to the first VPN server.

I want to use port 510 and 4510 for the second server. I configured
charon.conf accordingly.

On the client side I configured rightikeport=510. So the client sends
the init request from port 500 to port 510. The server recognizes the
NAT-T on both ends and sends back the response.

The client sends the third packet from port 4500 to port 4500, which fails
of course.

Is there any possibility to tell the client to use port 45100 as the
ESP-encap port?

Kind regards,


[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the Supervisory Board: Florian Kirstein
