VPN and IPtables
Fraser Campbell
fraser-eicrhRFjby5dCsDujFhwbypxlwaOVQ5f at public.gmane.org
Wed Sep 15 22:37:40 UTC 2004
On September 15, 2004 04:13 pm, Lennart Sorensen wrote:
> On Wed, Sep 15, 2004 at 04:05:30PM -0400, The Edge of the Ice wrote:
> > Yes, IIRC the thing to note is that's PROTOCOL 50/51, not PORT 50/51.
> > IPSEC VPN packets aren't transmitted over TCP OR UDP, but use IP
> > protocol numbers 50 and 51.
>
> The key exchange and data go over those protocols, the encrypted data is
> transferred over udp on port 500.
You have it backwards, or perhaps I'm just reading you backwards ;-)
Encrypted data is transferred using protocol 50 (esp), udp port 500 is only
used for key negotiation (isakmp).
--
Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org> http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
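
The distinction drawn in the reply above, written out as firewall rules. This is an added example, not part of the original post: the function name `ipsec_rules`, the peer address and the use of the INPUT chain are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules admitting IPsec from one peer.
# ipsec_rules is a hypothetical helper; the INPUT chain is an assumption.

# The mistake the thread warns about is treating 50/51 as ports. Rules
# like these match UDP/TCP segments only and never see ESP or AH packets:
#   -A INPUT -p udp -m udp --dport 50 -j ACCEPT
#   -A INPUT -p tcp -m tcp --dport 51 -j ACCEPT

ipsec_rules() {
    peer="$1"
    # Allow only digits and dots, so no shell or rule syntax can slip in.
    case "$peer" in
        ''|*[!0-9.]*|*..*|.*|*.)
            echo "usage: ipsec_rules <peer-ipv4>" >&2
            return 1 ;;
    esac
    # Require exactly four dot-separated fields.
    case "$peer" in
        *.*.*.*.*) echo "bad address: $peer" >&2; return 1 ;;
        *.*.*.*)   ;;
        *)         echo "bad address: $peer" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
# ISAKMP key negotiation: UDP, destination port 500
-A INPUT -s $peer -p udp -m udp --dport 500 -j ACCEPT
# ESP: IP protocol 50, no port numbers involved
-A INPUT -s $peer -p 50 -j ACCEPT
# AH: IP protocol 51, no port numbers involved
-A INPUT -s $peer -p 51 -j ACCEPT
COMMIT
EOF
}
```

Running `ipsec_rules 203.0.113.10 | iptables-restore --test --noflush` has the rules parsed without committing them; 203.0.113.10 is a constructed documentation address.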