Skip to content

Commit

Permalink
Added a hint for firewall rules
Browse files Browse the repository at this point in the history 
readme: added a hint for firewall rules in backend documentation (IPsec backend)

Could help users to use this backend without problems.
  • Loading branch information
@seb-kw
seb-kw committed Jun 7, 2020
1 parent 4856497 commit 9374813
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions Documentation/backends.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,9 @@ Type:
* `UDPEncap` (Boolean): Optional, defaults to false. Forces the use UDP encapsulation of packets which can help with some NAT gateways.
* `ESPProposal` (string): Optional, defaults to `aes128gcm16-sha256-prfsha256-ecp256`. Change this string to choose another ESP Proposal.

Hint:
Add rules to your firewall: Open ports 50 (for ESP protocol), UDP 500 (for IKE, to manage encryption keys) and UDP 4500 (for IPSEC NAT-Traversal mode).

#### Troubleshooting
Logging
* When flannel is run from a container, the Strongswan tools are installed. `swanctl` can be used for interacting with the charon and it provides a logs command..
Expand Down

0 comments on commit 9374813

Please sign in to comment.