Hi,

> Is it possible to make strongswan send message 1 ike_sa_init on port
> 4500 instead of 500 ?

Yes, starting with 4.4.0, charon supports the left-/rightikeport ipsec.conf options. Setting rightikeport=4500 initiates directly to port 4500.

> it does need the 4 zeros at the beginning to tell it's not an esp

To add the non-esp marker, use a local port different from 500 by setting leftikeport=4500, too. The default socket listens on port 500 and 4500 only, so any different leftikeport won't work. There is a special initiator-only socket implementation called socket-dynamic, binding the sockets on demand. But it shouldn't be required if you stick to port 4500.

Regards
Martin
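The demultiplexing behind the non-ESP marker, as an added example that is not part of the original message and not strongSwan's code: on port 4500 IKE shares the socket with UDP-encapsulated ESP, so a receiver tells them apart by the four leading zero bytes (RFC 3948). The sample SPI and all function names are constructed for illustration; `frame` follows the rule stated in the reply (marker whenever the local port is not 500).

```python
import struct

NON_ESP_MARKER = b"\x00" * 4            # RFC 3948 non-ESP marker
IKE_HDR = struct.Struct("!8s8sBBBBII")  # RFC 7296 fixed IKE header (28 bytes)
IKE_SA_INIT = 34                        # RFC 7296 exchange type


def build_ike_sa_init(spi_i: bytes) -> bytes:
    """Header-only IKE_SA_INIT request (constructed sample, no payloads)."""
    # responder SPI 0, next payload 0, version 2.0, initiator flag, message id 0
    return IKE_HDR.pack(spi_i, b"\x00" * 8, 0, 0x20, IKE_SA_INIT, 0x08, 0, IKE_HDR.size)


def frame(ike_msg: bytes, local_port: int) -> bytes:
    """UDP payload as sent: bare from port 500, marker-prefixed otherwise."""
    return ike_msg if local_port == 500 else NON_ESP_MARKER + ike_msg


def parse_ike(msg: bytes):
    """Validate the fixed header; return ('ike', exchange, initiator SPI)."""
    if len(msg) < IKE_HDR.size:
        return ("malformed",)
    spi_i, _spi_r, _np, ver, exch, _flags, _mid, length = IKE_HDR.unpack_from(msg)
    if ver >> 4 != 2 or length != len(msg):
        return ("malformed",)
    return ("ike", exch, spi_i.hex())


def classify(payload: bytes, listen_port: int):
    """Demultiplex a datagram the way a receiver on listen_port has to."""
    if listen_port == 500:                  # IKE only, no marker expected
        return parse_ike(payload)
    if payload == b"\xff":                  # RFC 3948 NAT keepalive
        return ("nat-keepalive",)
    if payload[:4] == NON_ESP_MARKER:       # IKE sharing the ESP-in-UDP port
        return parse_ike(payload[4:])
    if len(payload) >= 8:                   # ESP: SPI + sequence number
        spi, seq = struct.unpack("!II", payload[:8])
        return ("esp", spi, seq)
    return ("malformed",)
```

A bare IKE_SA_INIT arriving on a 4500 listener is read as ESP, with the first four bytes of the initiator SPI taken as the ESP SPI, and a marker-prefixed message arriving on port 500 fails header validation.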
