commit 9084890d84aa4513345540c346d20ed74149dfe9
parent 49e1c2a40d75d1c235a433bb42fcc5fc67a2370b
Author: lostd <lostd@2f30.org>
Date: Fri, 2 May 2014 14:29:39 +0300

Better describe port forwarding needed

Diffstat:
M guides/ipsec.md | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/guides/ipsec.md b/guides/ipsec.md @@ -44,13 +44,20 @@ services through IPsec tunnels. port pop3 \ psk "hackmemore" -Furthermore, here is a little trick to bypass some nasty firewalls that -block low ports. That is because the isakmpd server uses UDP port 500 -for key management. +The isakmpd server uses UDP port 500 for key management; UDP port 4500 +is used for IPsec NAT features. You should forward those ports on your +router if needed. The ports can be found with: + $ grep ipsec /etc/services + ipsec-nat-t 4500/tcp ipsec-msft # IPsec NAT-Traversal + ipsec-nat-t 4500/udp ipsec-msft # IPsec NAT-Traversal $ grep isakmp /etc/services isakmp 500/udp # ISAKMP key management +Furthermore, here is a little trick to bypass some nasty firewalls that +block low ports. This makes port 500 to effectively appear as port 5000 +to other peers. + /etc/pf.conf: # Rewrite outgoing src port isakmp to src port 5000 and back
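Review bot: the new paragraph says "UDP port 4500 is used for IPsec NAT features", but the `grep ipsec /etc/services` output it shows lists both `ipsec-nat-t 4500/tcp` and `ipsec-nat-t 4500/udp`; since the text only asks the reader to forward the UDP ports (500 and 4500), consider saying explicitly that the 4500/tcp entry is not needed for this setup, so readers do not open TCP 4500 on the router as well. Also, "if needed" leaves open when forwarding is needed; a clause such as "if the peer runs behind a NAT router and must accept incoming connections" would make that concrete. Finally, in the moved paragraph, "This makes port 500 to effectively appear as port 5000" should read "This makes port 500 effectively appear as port 5000".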