From 9374813d17789a1ead9612446ef3081abe6d94fd Mon Sep 17 00:00:00 2001 From: seb-kw <66557440+seb-kw@users.noreply.github.com> Date: Sun, 7 Jun 2020 15:02:22 +0200 Subject: [PATCH] Added a hint for firewall rules readme: added a hint for firewall rules in backend documentation (IPsec backend) Could help users to use this backend without problems. --- Documentation/backends.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Documentation/backends.md b/Documentation/backends.md index 5e8007316..4c429a96d 100644 --- a/Documentation/backends.md +++ b/Documentation/backends.md @@ -135,6 +135,9 @@ Type: * `UDPEncap` (Boolean): Optional, defaults to false. Forces the use UDP encapsulation of packets which can help with some NAT gateways. * `ESPProposal` (string): Optional, defaults to `aes128gcm16-sha256-prfsha256-ecp256`. Change this string to choose another ESP Proposal. +Hint: +Add rules to your firewall: Open ports 50 (for ESP protocol), UDP 500 (for IKE, to manage encryption keys) and UDP 4500 (for IPSEC NAT-Traversal mode). + #### Troubleshooting Logging * When flannel is run from a container, the Strongswan tools are installed. `swanctl` can be used for interacting with the charon and it provides a logs command..
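Review bot: In the added line "Open ports 50 (for ESP protocol)", 50 is not a port. ESP is IP protocol number 50 and has no port numbers, so a reader who opens TCP or UDP port 50 will still have ESP traffic dropped. Suggest wording along the lines of "Allow IP protocol 50 (ESP), UDP port 500 (IKE, key exchange) and UDP port 4500 (IPsec NAT-Traversal) between the nodes". Two smaller points: "Hint:" follows the `ESPProposal` bullet with no blank line, so Markdown will render it as a continuation of that list item; add a blank line before it. The hunk also writes "IPSEC", while the commit message uses "IPsec"; use one spelling.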