Hi tsaitgaist, just a quick educational rant, please don't take it personally:
you are referring to a 5-year old Internet draft, version -02 of draft-eronen-.... Internet drafts are, as the name implies, temporary. They expire after 6 months and normally should not be cited as references. If you look at the top of the document you cite, you can see it was eventually replaced by a (permanent) RFC, http://tools.ietf.org/html/rfc4718. If you follow that link, you will see that RFC 4718 was recently obsoleted by http://tools.ietf.org/html/rfc5996. RFC 5996 is the authoritative text on IKEv2 right now. Thanks, Yaron > > Message: 5 > Date: Wed, 23 Feb 2011 23:06:38 +0100 > From: tsaitgaist<[email protected]> > Subject: [strongSwan] ike_sa_init on port 4500 > To: [email protected] > Message-ID:<[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > Hi, > > I try to configure an IPsec client using strongswan. > I don't know the IPsec server, but I know the connection details. > But the server only listens to port 4500 > Normally strongswan sends the ike_sa_init on port 500 and then switches > to port 4500. > Is it possible to make strongswan send message 1 ike_sa_init on port > 4500 instead of 500 ? > I couldn't make it work using /rightprotoport, /nat_traversal, mobike or > keyexchange > It does not even need to add the additional zeros as described in > http://tools.ietf.org/html/draft-eronen-ipsec-ikev2-clarifications-02#section-6.7 > > thanks, > tsaitgaist _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
