I am working with a company that uses ipcop. I use shorewall. I would like to create an ipsec vpn tunnel through my shorewall firewall. Do I have to do anything other than forward port 500, or is there an ipsec passthrough option I have not seen?

I posted once before but I don't know if it went through... Any help will be greatly appreciated :-D

--
Thank you,
Frank Di Rocco

if (!try()) { while (!$caught) { cheat(); } lie(); exit; } - anonymous

Hi Frank

On 4/13/06, Frank DiRocco <ofanged1@gmail.com> wrote:
> I am working with a company that uses ipcop. I use shorewall. I would like
> to create an ipsec vpn tunnel through my shorewall firewall. Do I have to do
> anything other than forward port 500, or is there an ipsec passthrough
> option I have not seen?

There are a lot of different variations of ipsec (and I'm not an expert on any of them...). So you probably have to explain your setup in greater detail.

But in general, the "original" ipsec uses UDP port 500 and IP-protocol 50 and 51. As that was a lot of trouble, a newer NAT-traversal ipsec was created that uses just UDP port 500 and 4500.

Rune

Thanks for the reply! I am using the nat traversal version of ipsec. I have only forwarded udp 500. Is it necessary to forward udp 4500 as well?

--
Thank you,
Frank Di Rocco

if (!try()) { while (!$caught) { cheat(); } lie(); exit; } - anonymous

> Thanks for the reply! I am using the nat traversal version of ipsec. I have
> only forwarded udp 500. Is it necessary to forward udp 4500 as well?

As I said, I am not an expert on this, but I believe the answer is yes.

Of course, if the ipsec-connection is initiated by your local system, you should not need to forward any ports, just allow outgoing connections.
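
The port requirements discussed in this thread, as an added example that is not part of the original messages or of Shorewall itself: a small Python check that reads DNAT lines from a Shorewall rules file and reports which forwards an inbound tunnel still lacks. It assumes a simplified column layout (ACTION SOURCE DEST PROTO DPORT); the zone names, the host 192.168.1.10 and the sample rules are constructed placeholders.

```python
# Added example (not from the thread). Simplified reading of a Shorewall rules
# file: columns ACTION SOURCE DEST PROTO DPORT. Zone names and 192.168.1.10
# are constructed placeholders.
SAMPLE_RULES = """\
#ACTION  SOURCE  DEST              PROTO  DPORT
DNAT     net     loc:192.168.1.10  udp    500
ACCEPT   loc     net               tcp    80,443
"""

# Requirements as stated in the thread.
NAT_T = {("udp", "500"), ("udp", "4500")}
CLASSIC = {("udp", "500"), ("50", "-"), ("51", "-")}
PROTO_NUMBERS = {"esp": "50", "ah": "51"}


def forwarded(rules_text):
    """Return {internal host: {(proto, port), ...}} for every DNAT rule."""
    result = {}
    for raw in rules_text.splitlines():
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 4 or not cols[0].startswith("DNAT"):
            continue
        parts = cols[2].split(":")
        if len(parts) < 2:
            continue  # DNAT needs zone:host; skip malformed lines
        proto = PROTO_NUMBERS.get(cols[3].lower(), cols[3].lower())
        ports = cols[4].split(",") if len(cols) > 4 else ["-"]
        for port in ports:
            result.setdefault(parts[1], set()).add((proto, port))
    return result


def missing(rules_text, host, nat_traversal=True):
    """List the (proto, port) forwards still absent for an inbound tunnel."""
    needed = NAT_T if nat_traversal else CLASSIC
    return sorted(needed - forwarded(rules_text).get(host, set()))


if __name__ == "__main__":
    for proto, port in missing(SAMPLE_RULES, "192.168.1.10"):
        print(f"missing forward: {proto} {port}")
```

The check only applies when the remote side initiates the tunnel; as the last reply notes, a tunnel initiated from the local system needs outgoing traffic allowed rather than forwards.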