Yes, the data goes over proto 50, but if NAT is detected the proto 50 is encapsulated into a UDP port 4500 packet.
Sent from my phone

> On Aug 31, 2018, at 11:16, John Crisp <[email protected]> wrote:
>
>> On 31/08/18 01:18, Paul Wouters wrote:
>> If there is no NAT you need to open protocol 50 ESP (not port, protocol)
>>
>
> Thanks Paul
>
> OK...... I know I have that open on the server firewall but can't
> remember seeing an option on the cloud providers one.
>
> Is that because the negotiation is over 500/4500 but the data itself
> flows on protocol 50 ?
>
> Just curious :-)
>
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
