Change IPSec ports?

Started by smccloud, May 21, 2025, 04:52:46 PM

I currently have a pfSense VM at work with the IPSec ports set to 501 and 4501 so as not to overlap with the main Meraki Client VPN we use. I want to replace it with an OPNsense VM, but I need to use the same ports for IPSec.  Is this possible with OPNsense?  I know it is not a normal use case, and I am fine with it.

Yes, in IPSec "Connections" you can state local and remote port if you enable the advanced mode.

You can only choose 500 or 4500 from that dropdown to stay aligned with IPsec standards.
Hardware:
DEC740

I see. I thought it was possible to state a custom port there.

So maybe natting the port can be a workaround.

May 21, 2025, 07:52:01 PM #4 Last Edit: May 21, 2025, 07:58:40 PM by smccloud
Quote from: viragomann on May 21, 2025, 06:14:08 PM
I see. I thought it was possible to state a custom port there.

So maybe natting the port can be a workaround.


I have tried to use NAT for pfSense and that doesn't work so well, so I don't think it will work for OPNsense either :(

I suppose I could try one of our alternative IPs and see if it works. I know they don't work for everything though, since Merakis are weird for outbound traffic when they come in on them.