[strongSwan] how to tell charon-nm to use 500/udp and 4500/udp
Tobias Brunner
tobias at strongswan.org
Thu Jul 14 16:15:29 CEST 2022
Hi Harald,

> is there some way to tell charon-nm to use 4500/udp for the outgoing
> connection, instead of an arbitrary port, if available? Same for
> 500/udp.

You can explicitly configure the ports via strongswan.conf
(charon-nm.port and charon-nm.port_nat_t). Just make sure you don't use
charon or charon-systemd on the same host to avoid conflicts.

> I assume a problem on the AVM Fritzbox in this context. 500/udp and
> 4500/udp at both ends appears to be more reliable.

That doesn't really make sense as there could always be a NAT in between
that changes the source ports.

Also, has AVM finally released a version of their system that supports
IKEv2? Took them long enough. But considering their track record
regarding IKEv1, I guess we have to expect interoperability issues for
the next 20 years.

> However, I am not
> sure at all where the temporary port comes from.

What are you referring to?

Regards,
Tobias