From 0b7b0bafcbef20612e795168dccefdc6ce4e16cc Mon Sep 17 00:00:00 2001
From: Packit Service <user-cont-team+packit-service@redhat.com>
Date: Feb 04 2021 06:16:43 +0000
Subject: Apply patch 0039-improvement-service-IPsec-Update-description-and-add.patch


patch_name: 0039-improvement-service-IPsec-Update-description-and-add.patch
present_in_specfile: true
location_in_specfile: 39

---

diff --git a/config/services/ipsec.xml b/config/services/ipsec.xml
index 9e70acb..824f1f3 100644
--- a/config/services/ipsec.xml
+++ b/config/services/ipsec.xml
@@ -1,9 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
 <service>
   <short>IPsec</short>
-  <description>Internet Protocol Security (IPsec) incorporates security for network transmissions directly into the Internet Protocol (IP). IPsec provides methods for both encrypting data and authentication for the host or network it sends to. If you plan to use a vpnc server or FreeS/WAN, do not disable this option.</description>
+  <description>Internet Protocol Security (IPsec) is the standarized IETF VPN architecture defined in RFC 4301. IPsec is negotiated using the IKEv1 (RFC 2409) or IKEv2 (RFC 7296) protocol, which in itself uses encryption and authentication. IPsec provides Internet Protocol (IP) packet encryption and authentication. Both IKE and IPsec can be encapsulated in UDP (RFC 3948) or TCP (RFC 8229 to make it easier to traverse NAT. Enabling this service will enable IKE, IPsec and their encapsulation protocols and ports. Note that IKE and IPsec can also be configured to use non-default ports, but this is not common practise.</description>
   <port protocol="ah" port=""/>
   <port protocol="esp" port=""/>
   <port protocol="udp" port="500"/>
   <port protocol="udp" port="4500"/>
+  <port protocol="tcp" port="4500"/>
 </service>