firewall-cmd --permanent --add-service="ipsec" firewall-cmd --permanent --add-port=4500/udp firewall-cmd --permanent --add-masquerade firewall-cmd --reload