> I don't know about Libreswan, but Strongswan has options to change the
> IKE and NAT-T ports (charon.port and charon.port_nat_5 respectively).
>
> -Tom

Libreswan does as well, although the devs (who are very helpful) assure me it
doesn't work. I'll try it anyway like the smartass I am.

Thanks for confirming that my port change kludge doesn't work. It does seem
though that that last monitor is still encapsulated as the payload contains the
whole packet (736 bytes) rather than unwrapping the data (708).

Once I get this sorted out, I'll be VPNning into zeta, a CentOS minimal
installation in my LAN. I'll probably use reverse SSH tunnels to pull in the
SSH ports from other machines in the LAN to zeta localhost, so I don't need to
directly reach outside of zeta. Then I can x2go into each machine that has a
GUI, from remote laptop and phone (assuming I can find an Android x2go app
that's any good).

Only problem then will be reaching The Internets through VPN and zeta. Zeta
can reach Internet now by normal means, but I may need SNAT of some sort to
plumb the VPN there.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users