>> Libreswan does as well, although the devs (who are very helpful) assure
>> me it doesn't work.
>
> Bummer.

Indeed when putting in ipsec.conf, the config setup section (as called for in 
man ipsec.conf):
ikeport = 5500

... and restarting, it merrily disobeys and stays on 500.  And interfaces = 
eth0 doesn't work either, it listens on everything (including IPv6 which is 
turned off in the kernel).

I've asked devs on IRC, but for some reason they're usually gone Sundays...  
that's weird.  What's a "day off"?

No one seems to appreciate my motivations for wanting to change ports 
(including them and Ss devs) -- and I can't seem to explain the benefits of 
port knocking, nor pre-standard lattice encryption, either.  These are all 
high-grade security-related concerns, but I guess I have what I have.  All I 
can do is lobby.

I could probably change ports in Strongswan, but I am not going back there 
no-how for nothin'.

>
>
>> I'll try it anyway like the smartass I am.
>> Thanks for confirming that my port change kludge doesn't work.  It does
>> seem though that that last monitor is still encapsulated as the payload
>> contains the whole packet (736 bytes) rather than unwrapping the data (708).
>
> The IPv4 header is 20 bytes (with no options specified) and the UDP
> header is 8 bytes (source and destination port numbers, payload length
> and checksum). 20 + 8 + 708 = 736.

Sure.  But notice in the first monitor that the data payload is broken out as 
708 bytes, and then the whole packet is recognized as 736.  But in the last 
monitor we're looking only at the whole packet (as we were in the middle 
monitor), and the data payload isn't recognized, so I suspicion we're not 
deNATted yet.
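The header accounting in the reply above (IPv4 header 20 bytes, UDP header 8 bytes, 20 + 8 + 708 = 736), as an added example that is not from this thread or from Shorewall/Libreswan: it builds a constructed IPv4/UDP datagram around a 708-byte payload and parses it back, checking that the IP total length, the UDP length and the captured size agree, so a truncated, non-UDP or still-encapsulated capture is reported instead of miscounted. Port 500, the addresses and the zeroed checksums are constructed sample values.

```python
import struct
from dataclasses import dataclass


@dataclass
class UdpBreakdown:
    ip_header_len: int
    udp_header_len: int
    payload_len: int
    total_len: int
    src_port: int
    dst_port: int


def breakdown_ipv4_udp(packet: bytes) -> UdpBreakdown:
    """Split a raw IPv4/UDP datagram into header and payload sizes.

    Raises ValueError when the bytes are not a consistent IPv4/UDP datagram,
    which is what a truncated or still-wrapped capture looks like.
    """
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version_ihl = packet[0]
    if version_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (version_ihl & 0x0F) * 4          # 20 bytes when no options are present
    (total_len,) = struct.unpack("!H", packet[2:4])
    proto = packet[9]
    if proto != 17:
        raise ValueError(f"IP protocol {proto} is not UDP")
    if total_len != len(packet):
        raise ValueError(f"IP total length {total_len} != captured {len(packet)}")
    src, dst, udp_len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if udp_len != total_len - ihl:
        raise ValueError("UDP length does not match IP total length")
    return UdpBreakdown(ihl, 8, udp_len - 8, total_len, src, dst)


def build_ipv4_udp(payload: bytes, src_port: int = 500, dst_port: int = 500) -> bytes:
    """Construct a minimal IPv4/UDP datagram around payload (checksums left zero)."""
    udp_len = 8 + len(payload)
    total = 20 + udp_len
    # version/IHL, TOS, total length, ID, flags/frag, TTL, proto=UDP, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)
    return ip + udp + payload


# Constructed sample: a 708-byte payload wrapped as in the capture discussed above.
SAMPLE = build_ipv4_udp(bytes(708))
```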
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users