Joachim Schipper wrote:
> googlemike@hotpop.com wrote:
>>googlemike@hotpop.com wrote:
>>>The following local firewall won't permit me to VPN...
> <snip>
>>>What do I need to do with iptables to poke my VPN connection through?
> <snip: works now, using...>
>>iptables -A INPUT -p tcp -m tcp --dport 500 --syn -j ACCEPT
>>iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT
>
> TCP is not required. IPSec often uses isakmp for key negotiation; this
> means port 500/udp. If you are using NAT-Traversal, you'll also require
> 4500/udp. You'll know if you're using NAT-T by the number of headaches
> setup caused you... ;-)

If your office IPSec hub is using the older Altiga NAT Traversal in
UDP/TCP, you may need TCP/UDP 10000 opened up. But as previously stated,
you would most probably know if this was the case.
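
The port advice in this thread, expressed as a small rule audit. This is an added example, not something posted by the thread's participants: the function names and the sample rules (written in `iptables-save` syntax) are constructed for illustration, and treating either TCP or UDP 10000 as sufficient for the Altiga case is an assumption.

```shell
#!/bin/sh
# Added example: audit INPUT rules against the ports named in the thread.
# Port roles come from the thread; names and sample rules are constructed.

# Constructed sample: the two rules the original poster ended up with.
SAMPLE_RULES='-A INPUT -p tcp -m tcp --dport 500 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT'

# has_accept PROTO PORT RULES -> exit 0 if an INPUT ACCEPT rule matches.
# The port must be followed by a space, so 500 does not match 5000.
has_accept() {
    printf '%s\n' "$3" |
        grep -Eq -- "^-A INPUT .*-p $1 .*--dport $2( .*)? -j ACCEPT\$"
}

# audit_vpn RULES [nat_t: yes|no] [altiga: yes|no] -> one finding per line
audit_vpn() {
    rules=$1; nat_t=${2:-no}; altiga=${3:-no}
    has_accept udp 500 "$rules" ||
        echo "MISSING udp/500 (ISAKMP key negotiation)"
    has_accept tcp 500 "$rules" &&
        echo "UNNEEDED tcp/500 (ISAKMP runs over UDP)"
    if [ "$nat_t" = yes ]; then
        has_accept udp 4500 "$rules" ||
            echo "MISSING udp/4500 (NAT-Traversal)"
    fi
    if [ "$altiga" = yes ]; then
        # Assumption: either transport on port 10000 is enough.
        has_accept udp 10000 "$rules" || has_accept tcp 10000 "$rules" ||
            echo "MISSING tcp|udp/10000 (older Altiga NAT traversal)"
    fi
    return 0
}

# Audit the sample for a client that sits behind NAT.
audit_vpn "$SAMPLE_RULES" yes no
```

To check a live host, pass the output of `iptables-save` as the first argument instead of the sample.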