VPN and IPtables

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Wed Sep 15 20:13:51 UTC 2004


On Wed, Sep 15, 2004 at 04:05:30PM -0400, The Edge of the Ice wrote:
> Yes, IIRC the thing to note is that's PROTOCOL 50/51, not PORT 50/51.  IPSEC
> VPN packets aren't transmitted over TCP OR UDP, but use IP protocol numbers
> 50 and 51.

The key exchange and data go over those protocols, the encrypted data is
transferred over udp on port 500.  This allows transferring udp traffic
over ipsec without forcing reliable transmission, while tcp already
handles retries if the udp tunnel drops anything.  This is part of what
makes ipsec better than an ssh tunnel or something, since that forces
udp traffic to go over a reliable tunnel which isn't really what you
want for udp data.

Lennart Sorensen
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
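An added example (not part of the original thread) illustrating the protocol-number-versus-port distinction the reply draws: it parses a constructed IPv4 packet and reports what an iptables rule could match on. The packet builder, addresses and SPI values are constructed test data.

```python
import socket
import struct

# IP protocol numbers the reply is talking about; 50 and 51 are protocols, not ports.
PROTO_NAMES = {6: "tcp", 17: "udp", 50: "esp", 51: "ah"}

def build_ipv4(proto: int, payload: bytes, src="10.0.0.1", dst="10.0.0.2") -> bytes:
    """Build a minimal IPv4 packet (constructed test data; checksum left zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def classify(packet: bytes) -> dict:
    """Report the iptables match needed for this packet.

    TCP/UDP carry ports; ESP/AH carry an SPI and no ports at all, so a rule
    such as '--dport 50' can never match them; '-p esp' / '-p ah' is required.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    payload = packet[ihl:]
    info = {"proto": proto, "name": PROTO_NAMES.get(proto, str(proto)),
            "src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20])}
    if proto in (6, 17) and len(payload) >= 4:       # TCP/UDP: sport(2) dport(2)
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
        info["match"] = f"-p {info['name']} --dport {info['dport']}"
    elif proto == 50 and len(payload) >= 8:          # ESP: SPI(4) seq(4) ...
        info["spi"], info["seq"] = struct.unpack("!II", payload[:8])
        info["match"] = "-p esp"
    elif proto == 51 and len(payload) >= 12:         # AH: nh(1) len(1) rsv(2) SPI(4) seq(4)
        info["spi"], info["seq"] = struct.unpack("!II", payload[4:12])
        info["match"] = "-p ah"
    else:                                            # unknown or truncated: protocol only
        info["match"] = f"-p {proto}"
    return info

# Constructed sample packets: one ESP packet and one UDP datagram to port 500.
ESP_PKT = build_ipv4(50, struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16)
UDP500_PKT = build_ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0))

if __name__ == "__main__":
    for pkt in (ESP_PKT, UDP500_PKT):
        print(classify(pkt))
```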