SoftEtherVPN
Shouldn't port 1701 be exposed as udp?
According to https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol#L2TP/IPsec that's a UDP port.
I'm having issues connecting from Apple devices (which start with a L2TP HELLO message on UDP 1701).
I tried to switch the docker command to expose the port 1701 as UDP, and by running tcpdump within the container I can at least see the HELLO messages coming. When exposed as TCP I see nothing, and on the client (macOS) I see unreachable packets, since 1701 is not open for UDP.
This is less about solving my problem with Apple devices (probably something else), and more about making sure the docs/Dockerfile is using the right settings.
Found my issue with Apple devices (a mistake apparently). Though I found out that actually I did not need to expose the port 1701 at all to make it work. The link above mentions:
Also, it is not necessary to open UDP port 1701 on firewalls
So apparently the same applies to exposed container ports. The link above also mentions the traffic in 1701 is internal, which I could see in the packet logs, such as:
2022-03-03,06:24:05.443,SID-SECURENAT-1,SID-...-[L2TP]-8,5EB0A80C8452,CA30F38F6AD8,0x0800,104,UDPv4,-,192.168.30.1,domain(53),192.168.30.10,64040,-,-,-,....,-,172.17.0.1(port=1701)
If that's true, 1701 could be potentially omitted from docs/Dockerfile.
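The port question raised in this issue can be checked mechanically. The following is an added example, not code from the SoftEtherVPN project or from the issue author: it audits the `-p`/`--publish` mappings of a `docker run` command against what L2TP/IPsec needs, assuming the standard IPsec ports (UDP 500 for IKE, UDP 4500 for NAT traversal). The image name and both sample commands are constructed.

```python
import re

# Assumption (standard L2TP/IPsec, not taken from the project's docs):
# IKE uses UDP 500 and NAT traversal uses UDP 4500; L2TP itself (UDP 1701)
# travels inside the IPsec tunnel and never reaches the host port directly.
IPSEC_UDP_PORTS = (500, 4500)
PUBLISH_FLAG = re.compile(r"(?<!\S)(?:-p|--publish)[ =](\S+)")


def parse_publish(spec):
    """Expand a docker publish value ([ip:]host:container[/proto], ranges
    allowed) into a set of (container_port, proto) pairs."""
    mapping, _, proto = spec.partition("/")
    lo, _, hi = mapping.rsplit(":", 1)[-1].partition("-")
    return {(p, (proto or "tcp").lower()) for p in range(int(lo), int(hi or lo) + 1)}


def audit_l2tp_ports(command):
    """Return a list of findings for the published ports of a docker run line."""
    published = set()
    for spec in PUBLISH_FLAG.findall(command):
        published |= parse_publish(spec)

    findings = []
    if (1701, "tcp") in published:
        findings.append("1701/tcp: L2TP is a UDP protocol, this mapping carries no L2TP traffic")
    if (1701, "udp") in published:
        findings.append("1701/udp: not required for L2TP/IPsec, L2TP arrives inside the tunnel")
    for port in IPSEC_UDP_PORTS:
        if (port, "udp") not in published:
            findings.append(f"{port}/udp: not published, IPsec negotiation cannot reach the container")
    return findings


# Constructed sample commands; "example/softether-image" is a placeholder name.
AS_REPORTED = ("docker run -d -p 500:500/udp -p 4500:4500/udp "
               "-p 1701:1701/tcp example/softether-image")
MINIMAL = "docker run -d -p 500:500/udp -p 4500:4500/udp example/softether-image"

if __name__ == "__main__":
    for label, cmd in (("as reported", AS_REPORTED), ("minimal", MINIMAL)):
        print(label, "->", audit_l2tp_ports(cmd) or "no findings")
```
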