Netgate Discussion Forum

    Changing IPsec VPN Ports

    7 Posts 3 Posters 1.6k Views
    • mohkhalifa

      Dear all,
      Is there a way to change the IPsec ports (500 and 4500)? Because my ISP is blocking these ports.
      Please advise!

      • NogBadTheBad

        Use OpenVPN, you can define the server port.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • mohkhalifa @NogBadTheBad

          @NogBadTheBad OpenVPN site-to-site has many problems and very long troubleshooting instructions to do: MTU, mssfix, ping delay, packet loss ... etc.
          That's why I want to switch to IPsec.

          • NogBadTheBad

            You can't change the IPSec ports.

            Andy

            • Konstanti @NogBadTheBad

              @NogBadTheBad said in Changing IPsec VPN Ports:

              IPSec ports

              Why? This is theoretically possible.

              https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf

              charon.port	500	UDP port used locally. If set to 0 a random port will be allocated.
              charon.port_nat_t	4500	UDP port used locally in case of NAT-T. If set to 0 a random port will be allocated. Has to be different from charon.port, otherwise a random port will be allocated.
              
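Added example (not part of the thread, and not strongSwan or pfSense code): a small Python check that applies the two rules quoted above from the strongSwan documentation to a strongswan.conf-style snippet and reports which ports would be used according to those rules. The parser is simplified (one section header, setting or closing brace per line), the function names are hypothetical, and the sample values are constructed.

```python
# Added example: simplified parser, hypothetical function names, constructed input.
DEFAULTS = {"charon.port": 500, "charon.port_nat_t": 4500}  # defaults quoted in the post

SAMPLE = """
charon {
    port = 4510        # constructed value
    port_nat_t = 4510  # same as port on purpose, to trigger the documented rule
}
"""

def parse_settings(text):
    """Flatten nested 'section { key = value }' blocks into dotted keys."""
    settings, path = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and padding
        if not line:
            continue
        if line.endswith("{"):                       # e.g. "charon {"
            path.append(line[:-1].strip())
        elif line == "}":
            if not path:
                raise ValueError("unbalanced '}'")
            path.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[".".join(path + [key])] = value
        else:
            raise ValueError(f"unsupported line: {raw!r}")
    if path:
        raise ValueError(f"unclosed section: {'.'.join(path)}")
    return settings

def effective_ports(text):
    """Return ({option: port, or None where a random port is allocated}, notes)."""
    settings, ports, notes = parse_settings(text), {}, []
    for key, default in DEFAULTS.items():
        ports[key] = int(settings.get(key, default))
        if not 0 <= ports[key] <= 65535:
            raise ValueError(f"{key} out of range: {ports[key]}")
    ike, natt = ports["charon.port"], ports["charon.port_nat_t"]
    if ike == 0:
        notes.append("charon.port is 0: random port")
    if natt == 0:
        notes.append("charon.port_nat_t is 0: random port")
    elif natt == ike:                                # must differ from charon.port
        notes.append("charon.port_nat_t equals charon.port: random port")
        natt = 0
    return {"charon.port": ike or None, "charon.port_nat_t": natt or None}, notes

if __name__ == "__main__":
    print(effective_ports(SAMPLE))
```

A `None` in the result means the daemon would pick a random local port, which the remote peer cannot be configured for in advance.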
              • NogBadTheBad @Konstanti

                @Konstanti

                If you want to go ahead hacking the code about feel free, it will break when pfSense is updated.

                Much easier to run OpenVPN.

                @MOHKHALIFA

                Maybe run IPSec over a GRE / GIF Tunnel.

                Andy

                • mohkhalifa

                  Thanks all for your kind replies, appreciated.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.