nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

How to change port 4500 to 1701 #59

Closed eva-thientran closed 6 years ago

eva-thientran commented 7 years ago

Hello, my company has a VPN server but they did not open port 4500, so when I try to connect I get an error:

nm-l2tp[28115] <info>  starting ipsec
Redirecting to: systemctl stop ipsec.service
Redirecting to: systemctl start ipsec.service
002 listening for IKE messages
002 adding interface virbr0/virbr0 192.168.122.1:500
002 adding interface virbr0/virbr0 192.168.122.1:4500
002 adding interface enp2s0/enp2s0 10.11.18.108:500
002 adding interface enp2s0/enp2s0 10.11.18.108:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-b6e6cd1b-debe-4ec7-86e3-e852b691748d.secrets"
opening file: /var/run/nm-l2tp-ipsec-b6e6cd1b-debe-4ec7-86e3-e852b691748d.conf
debugging mode enabled

And about Pluto:

Checking that pluto is running                      [OK]
 Pluto listening for IKE on udp 500                 [OK]
 Pluto listening for IKE/NAT-T on udp 4500          [OK]
 Pluto ipsec.secret syntax

My question is how to change the port in ipsec.conf. Thanks.

dkosovic commented 7 years ago

It doesn't use /etc/ipsec.conf, so modify the IPsec config file generation in src/nm-l2tp-service.c in the following section of the code:

by adding the following line:

write_config_option (fd, "  nat-ikeport=1701\n");

and then rebuild and reinstall this VPN plugin. Some instructions for building and installing this VPN plugin:
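After rebuilding with the `nat-ikeport` change, the quickest way to confirm it took effect is the pluto start-up log the reporter pasted above: pluto logs one `adding interface <if> <addr>:<port>` line per socket it binds, so the NAT-T port should show up there as 1701 instead of 4500. The following is an added example (not part of this issue and not the plugin's own code) that parses those lines and checks whether a given NAT-T port was bound, plus a small stand-alone renderer for the libreswan `config setup` section carrying `nat-ikeport`. The log text is a constructed copy of the lines quoted in the issue; `render_config_setup` is a hypothetical helper that only illustrates the option and does not reproduce the sections the plugin actually writes.

```python
import re

# Constructed copy of the pluto start-up lines quoted in this issue (not a live capture).
SAMPLE_PLUTO_LOG = """\
002 listening for IKE messages
002 adding interface virbr0/virbr0 192.168.122.1:500
002 adding interface virbr0/virbr0 192.168.122.1:4500
002 adding interface enp2s0/enp2s0 10.11.18.108:500
002 adding interface enp2s0/enp2s0 10.11.18.108:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
"""

# "NNN adding interface <name>/<name> <addr>:<port>". The address may be IPv6 (e.g. ::1),
# so the port is taken from the last ':' via backtracking on the greedy \S+.
_IFACE_RE = re.compile(r"^\d{3} adding interface (\S+) (\S+):(\d+)$")


def pluto_listening_ports(log_text):
    """Map (interface, address) -> set of UDP ports pluto reported binding."""
    bound = {}
    for line in log_text.splitlines():
        m = _IFACE_RE.match(line.strip())
        if not m:
            continue  # not an 'adding interface' line
        iface, addr, port = m.group(1), m.group(2), int(m.group(3))
        bound.setdefault((iface, addr), set()).add(port)
    return bound


def natt_port_bound(log_text, expected_port, iface=None):
    """True if pluto bound expected_port (restricted to one interface name if given)."""
    for (name, _addr), ports in pluto_listening_ports(log_text).items():
        # pluto prints the name twice as "virbr0/virbr0"; compare the first half.
        if iface is not None and name.split("/")[0] != iface:
            continue
        if expected_port in ports:
            return True
    return False


def render_config_setup(nat_ikeport=4500):
    """Hypothetical renderer for a libreswan 'config setup' block with nat-ikeport.

    Only the option discussed in the issue is emitted; the real plugin writes more.
    """
    if not 1 <= nat_ikeport <= 65535:
        raise ValueError("nat-ikeport out of range: %d" % nat_ikeport)
    return "config setup\n  nat-ikeport=%d\n" % nat_ikeport


if __name__ == "__main__":
    # With the log as pasted, NAT-T is still on 4500 and nothing listens on 1701.
    print(pluto_listening_ports(SAMPLE_PLUTO_LOG))
    print("1701 bound:", natt_port_bound(SAMPLE_PLUTO_LOG, 1701))
    print(render_config_setup(nat_ikeport=1701))
```

Run it against the log of a rebuilt plugin: once `nat-ikeport=1701` is in effect, `natt_port_bound(log, 1701, iface="enp2s0")` should return True and the 4500 lines should disappear; if 4500 is still bound, the config change did not reach the generated file.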

dkosovic commented 7 years ago

I was looking for something else and came across the following:

Note the part where it says "You can also use the DNAT and SNAT targets in iptables to move ports around, if you so desire."

dkosovic commented 6 years ago

Just cleaning up older issues that are more than a month old.

Hopefully modifying the code or using iptables to redirect ports did the trick.