Been reading various generations of documentation to find out if I need additional TCP or UDP ports opened for IPA replication between VPN-connected datacenters.

I think the modern answer is no? We just need the standard IPA ports open between all of the IPA master/replicas that chat to each other?

                TCP Ports:
                  * 80, 443: HTTP/HTTPS
                  * 389, 636: LDAP/LDAPS
                  * 88, 464: kerberos
                  * 53: bind
                UDP Ports:
                  * 88, 464: kerberos
                  * 53: bind
                  * 123: ntp

