VPN and IPtables
James Knott
james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Wed Sep 15 20:27:39 UTC 2004
Lennart Sorensen wrote:
> On Wed, Sep 15, 2004 at 04:05:30PM -0400, The Edge of the Ice wrote:
>
>>Yes, IIRC the thing to note is that's PROTOCOL 50/51, not PORT 50/51. IPSEC
>>VPN packets aren't transmitted over TCP OR UDP, but use IP protocol numbers
>>50 and 51.
>
>
> The key exchange and data go over those protocols, the encrypted data is
> transfered over udp on port 500. This allows transfering udp traffic
> over ipsec without forcing reliable transmission, while tcp already
> handles retries if the udp tunnel drops anything. This is part of what
> makes ipsec better than an ssh tunnel or something, since that forces
> udp traffic to go over a reliable tunnel which isn't really what you
> want for udp data.
I use OpenVPN for my VPN. It uses UDP packets, though it can also use TCP.
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list