VPN and IPtables

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Thu Sep 16 00:05:30 UTC 2004


On Wed, Sep 15, 2004 at 06:37:40PM -0400, Fraser Campbell wrote:
> You have it backwards, or perhaps I'm just reading you backwards ;-)  
> Encrypted data is transferred using protocol 50 (esp), udp port 500 is only 
> used for key negotiation (isakmp).

Hmm, that wouldn't make sense since it's the data you care less about
losing than the key exchanges, or so I would think, since some data may
be udp data and you have no reason to guarantee delivery.  Using a
different protocol than udp would mean routers don't have a clue about
the importance of that data.  But then again I could be wrong about
which port does which.  I know they are both required for ipsec to work
though. :)

Lennart Sorensen
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




