On 01/07/2018 11:12 AM, Colony.three via Shorewall-users wrote:
>
>> I don't know about Libreswan, but Strongswan has options to change the
>> IKE and NAT-T ports (charon.port and charon.port_nat_5 respectively).
>>
>> -Tom
>>
>
> Libreswan does as well, although the devs (who are very helpful) assure
> me it doesn't work.

Bummer.

> I'll try it anyway like the smartass I am.
>
> Thanks for confirming that my port change kludge doesn't work. It does
> seem though that that last monitor is still encapsulated as the payload
> contains the whole packet (736 bytes) rather than unwrapping the data (708).

The IPv4 header is 20 bytes (with no options specified) and the UDP
header is 8 bytes (source and destination port numbers, payload length
and checksum). 20 + 8 + 208 = 736.

>
> Once I get this sorted out, I'll be VPNning into zeta, a CentOS minimal
> installation in my LAN. I'll probably use reverse SSH tunnels to pull
> in the SSH ports from other machines in the LAN to zeta localhost, so I
> don't need to directly reach outside of zeta. Then I can x2go into each
> machine that has a GUI, from remote laptop and phone (assuming I can
> find an Android x2go app that's any good).
>
> Only problem then will be reaching The Internets through VPN and zeta.
> Zeta can reach Internet now by normal means, but I may need SNAT of some
> sort to plumb the VPN there.
>

Yes -- you will need SNAT on Zeta.

-Tom
--
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \    an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \    understand
                      \_______________________________________________
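
Added example, not part of the original message or of Shorewall: a small parser that accounts for the IPv4 and UDP header bytes in a logged datagram, using the 736-byte and 708-byte sizes from the thread. It goes beyond the thread by also classifying the payload per RFC 3948 when a NAT-T port is involved; the function names, the default port 4500, the constructed addresses and the assumption of an unfragmented datagram are mine.

```python
import struct

UDP = 17  # IPv4 protocol number for UDP

def build(payload, sport, dport, options=b""):
    """Constructed IPv4/UDP datagram for the demo (checksums left zero)."""
    ihl = 5 + len(options) // 4            # options must be padded to 4 bytes
    udp_len = 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + udp_len, 0, 0,
                     64, UDP, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + options + struct.pack("!HHHH", sport, dport, udp_len, 0) + payload

def account(packet, natt_port=4500):
    """Return header/payload sizes and a coarse classification of the payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # 20 only when no options are present
    total = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or packet[9] != UDP or not ihl + 8 <= total <= len(packet):
        raise ValueError("not a complete IPv4/UDP datagram")
    sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if ihl + udp_len != total:
        raise ValueError("UDP length disagrees with IP total length")
    payload = packet[ihl + 8:total]
    kind = "plain-udp"
    if natt_port in (sport, dport):        # RFC 3948 framing on the NAT-T port
        if payload == b"\xff":
            kind = "nat-keepalive"
        elif payload[:4] == b"\x00" * 4:   # non-ESP marker precedes IKE
            kind = "ike"
        else:                              # otherwise it starts with an ESP SPI
            kind = "esp-in-udp"
    return {"total": total, "ip_header": ihl, "udp_header": 8,
            "payload": len(payload), "kind": kind}

if __name__ == "__main__":
    # Constructed sample: 708 bytes of data on the assumed NAT-T port.
    print(account(build(b"\x11" * 708, 4500, 4500)))
```

A logged length that exceeds the data length by exactly the IP and UDP header sizes is the outer datagram itself; whether the data inside is still ESP is decided by the payload's first bytes, not by the size.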