divzeroweb

2f30.org website
git clone git://git.2f30.org/divzeroweb

commit 9084890d84aa4513345540c346d20ed74149dfe9
parent 49e1c2a40d75d1c235a433bb42fcc5fc67a2370b
Author: lostd <lostd@2f30.org>
Date:   Fri,  2 May 2014 14:29:39 +0300

Better describe port forwarding needed

Diffstat:
M guides/ipsec.md | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/guides/ipsec.md b/guides/ipsec.md @@ -44,13 +44,20 @@ services through IPsec tunnels. port pop3 \ psk "hackmemore" -Furthermore, here is a little trick to bypass some nasty firewalls that -block low ports. That is because the isakmpd server uses UDP port 500 -for key management. +The isakmpd server uses UDP port 500 for key management; UDP port 4500 +is used for IPsec NAT features. You should forward those ports on your +router if needed. The ports can be found with: + $ grep ipsec /etc/services + ipsec-nat-t 4500/tcp ipsec-msft # IPsec NAT-Traversal + ipsec-nat-t 4500/udp ipsec-msft # IPsec NAT-Traversal $ grep isakmp /etc/services isakmp 500/udp # ISAKMP key management +Furthermore, here is a little trick to bypass some nasty firewalls that +block low ports. This makes port 500 to effectively appear as port 5000 +to other peers. + /etc/pf.conf: # Rewrite outgoing src port isakmp to src port 5000 and back
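Review bot: the added sentence "This makes port 500 to effectively appear as port 5000 to other peers" is ungrammatical; it should read "This makes port 500 effectively appear as port 5000 to other peers". Also, the new paragraph tells the reader to forward "those ports" on the router, but the grep output it points at lists both "ipsec-nat-t 4500/tcp" and "ipsec-nat-t 4500/udp"; since the prose only names UDP 500 and UDP 4500, say explicitly that only the UDP entries need forwarding so nobody opens 4500/tcp by mistake. Minor: "UDP port 4500 is used for IPsec NAT features" is vaguer than the services entry it quotes; "IPsec NAT-Traversal (NAT-T)" matches the /etc/services comment and is the term readers will search for.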