[strongSwan] ESP-encap port different than 4500
noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Jan 8 16:25:08 CET 2021
Set remote and local IKE ports to something other than 500 and NON-ESP markers are set automatically, so NAT-T is then on by default, so to say. Just start off with port 4510. No need to float up. :)
On 08.01.21 at 15:09, Michael Schwartzkopff wrote:
> I have two different VPN servers behind ONE NAT address. Yes, I know it
> is nonsense, but it is the situation given here.
> One runs with 500/4500. Everything is fine. I configured the firewall to
> forward packets on these ports to the first VPN server.
> I want to use ports 510 and 4510 for the second server. I configured
> charon.conf accordingly.
> On the client side I configured rightikeport=510. So the client sends
> the init request from port 500 to port 510. The server recognizes the
> NAT-T on both ends, sends back the response.
> The client sends the third packet from port 4500 to port 4500, which fails
> of course.
> Is there any possibility to tell the client to use port 45100 of the
> ESP-encap port?
> Kind regards,
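How a receiver tells IKE from UDP-encapsulated ESP on one shared port such as 4510, using the non-ESP marker the reply refers to (four zero bytes, RFC 3948). This is an added example, not part of the original thread and not strongSwan code; `frame_ike`, `classify`, `sample_ike` and all packet bytes are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4             # RFC 3948: zeros where an ESP SPI would sit
# IKEv2 header: SPIi, SPIr, next payload, version, exchange, flags, message ID, length
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}


def frame_ike(ike_msg: bytes, dst_port: int) -> bytes:
    """Model of the behaviour in the reply: any IKE port other than 500 gets the marker."""
    return ike_msg if dst_port == 500 else NON_ESP_MARKER + ike_msg


def classify(payload: bytes, port: int) -> str:
    """Classify one UDP payload received on `port` (500 = plain IKE, else NAT-T framing)."""
    if port != 500:
        if payload == b"\xff":
            return "nat-keepalive"
        if len(payload) < 8:
            return "invalid"
        if payload[:4] != NON_ESP_MARKER:   # non-zero SPI: this is ESP-in-UDP
            spi, seq = struct.unpack("!II", payload[:8])
            return f"esp spi=0x{spi:08x} seq={seq}"
        payload = payload[4:]               # strip marker, IKE header follows
    if len(payload) < IKE_HDR.size:
        return "invalid"
    _, _, _, version, exchange, _, msg_id, length = IKE_HDR.unpack_from(payload)
    if version >> 4 != 2 or length != len(payload):
        return "invalid"
    return f"ike {EXCHANGES.get(exchange, exchange)} msgid={msg_id}"


def sample_ike(exchange: int, msg_id: int) -> bytes:
    """Constructed header-only IKEv2 message (initiator flag set, no payloads)."""
    return IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 0, 0x20, exchange, 0x08, msg_id, IKE_HDR.size)


if __name__ == "__main__":
    init = sample_ike(34, 0)
    print(classify(frame_ike(init, 4510), 4510))   # marker present: parsed as IKE
    print(classify(init, 4510))                    # marker missing: misread as ESP
    print(classify(struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16, 4510))
```

The second call shows why the marker matters on a non-500 port: without it the first four bytes of the initiator SPI are taken for an ESP SPI and the IKE message never reaches the IKE daemon's parser.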