On 01/07/2018 09:48 AM, Tom Eastep wrote:

>>
>> Libreswan is supposed to automatically handle DNAT-T and clearly it does
>> as it works when not changing ports.  And changing ports in this way
>> should not be visible to it unless there's some damage in the
>> decapsulation process.
>>
> 
> There is no encapsulation going on at this point, but I have also
> confirmed that it doesn't work. I can only assure you that this isn't a
> Shorewall issue, as there are no options to the iptables DNAT target
> that are remotely relevant to this problem.
> 

I don't know about Libreswan, but Strongswan has options to change the
IKE and NAT-T ports (charon.port and charon.port_nat_t respectively).

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
