Re: [bitfolk] port 500 UDP

Author: Anthony Newman
Date:  
To: users
Subject: Re: [bitfolk] port 500 UDP

On 2021-01-27 01:12, Misha Gale wrote:
> Hi there,
>
> I'm trying to troubleshoot an issue on my home network, using my Bitfolk VPN. I'm pretty sure the issue is with my ISP's network, but to be sure, is there anything on Bitfolk's network that would be filtering incoming UDP packets to port 500?


UDP/500 is best known for its use in IPsec VPNs, as the port used for
IKE. If NAT is involved, UDP/4500 is used instead after the initial
negotiation, so you might check if that is also unexpectedly blocked.
Maybe ask your so-called ISP if they have a policy about the use of VPNs
- many of the commercial VPNs used for anonymity or watching US TV or
whatever are IPsec-based. The primary uses for IPsec are legitimate of
course, and ISPs have no business blocking it without asking. This
assumes there's nothing in the paperwork which you signed with them that
states this is their policy though.


> sudo lft -z -u -d 500 109.249.190.48
> Tracing ......**********
> TTL LFT trace to 109.249.190.48:500-516/udp
> 1 _gateway (192.168.0.1) 0.5ms
> 2 141.xxx.xxx.xxx.bcube.co.uk (141.xxx.xxx.xxx) 8.0ms # (redacted, my IP)
> 3 172.16.23.244 2.3ms
> 4 172.16.16.77 2.0ms
> 5 172.17.12.16 1.9ms
> 6 172.17.10.148 7.0ms
> ** [500-516/udp no reply from target] Use -VV to see packets.



The fact that these people are doing CGN and also have chosen to number
their routers using non-routable address space means that you may be
lucky to find any clue at all.


Ant
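
The UDP/500 versus UDP/4500 split mentioned above, as an added example that is not part of the original message: a small classifier for UDP payloads captured on either port, useful when checking whether IKE traffic actually arrives at the far end. The function names and both sample packets are constructed for illustration; the framing follows RFC 7296 (IKE header) and RFC 3948 (non-ESP marker and keepalive on UDP/4500).

```python
import struct

# IKE header (RFC 7296 section 3.1): SPIi, SPIr, next payload, version,
# exchange type, flags, message ID, total length. 28 bytes.
IKE_HDR = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: prefixes IKE on UDP/4500
NAT_KEEPALIVE = b"\xff"        # RFC 3948: one-byte keepalive on UDP/4500


def parse_ike(data):
    """Return (major_version, exchange_type) or None if not plausible IKE."""
    if len(data) < IKE_HDR.size:
        return None
    spi_i, _spi_r, _np, version, exchange, _flags, _mid, length = \
        IKE_HDR.unpack_from(data)
    # Initiator SPI is never zero; the length field covers header + payloads.
    if spi_i == b"\x00" * 8 or length < IKE_HDR.size:
        return None
    return version >> 4, exchange


def classify(dst_port, payload):
    """Label a UDP payload seen on port 500 or 4500 (hypothetical helper)."""
    if dst_port == 500:
        return "ike" if parse_ike(payload) else "not-ike"
    if dst_port == 4500:
        if payload == NAT_KEEPALIVE:
            return "nat-keepalive"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt" if parse_ike(payload[4:]) else "not-ike"
        # Anything else is read as ESP: non-zero SPI plus sequence number.
        return "esp-in-udp" if len(payload) >= 8 else "not-ike"
    return "other-port"


# Constructed sample: header of an IKEv2 (0x20) IKE_SA_INIT (exchange 34)
# from an initiator (flag 0x08), no payloads, so length is 28.
SAMPLE_IKE = IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 0, 0x20, 34, 0x08, 0, 28)
# Constructed sample: ESP-in-UDP with SPI 0xc0ffee01, sequence number 1.
SAMPLE_ESP = bytes.fromhex("c0ffee01") + struct.pack("!I", 1) + b"\x00" * 16

if __name__ == "__main__":
    # The last case is IKE sent to 4500 without the marker: a receiver
    # treats its first four bytes as an ESP SPI, so negotiation fails.
    for port, data in [(500, SAMPLE_IKE), (4500, NON_ESP_MARKER + SAMPLE_IKE),
                       (4500, NAT_KEEPALIVE), (4500, SAMPLE_ESP),
                       (4500, SAMPLE_IKE)]:
        print(port, classify(port, data))
```
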