Feature #830: Can I use tcp protocol to establish strongswan? - strongSwan

Feature #830

Can I use tcp protocol to establish strongswan?

Added by shuai yu over 10 years ago. Updated over 10 years ago.

Status:

Rejected

Priority:

Normal

Assignee:

Martin Willi

Category:

libcharon

Start date:

22.01.2015

Due date:

Estimated time:

Resolution:

Won't fix

Description

strongswan I just started learning, I tested can be modified to use other udp port leftikeport establish ipsec, but I want to know whether it using tcp protocol

History

#1 Updated by Martin Willi over 10 years ago

Tracker changed from Issue to Feature
Category set to libcharon
Status changed from New to Rejected
Assignee set to Martin Willi
Resolution set to Won't fix

Hi,

No, IKE (and ESP) over TCP is not supported by strongSwan. Given the issues IPsec-over-TCP has and that IETF defines a mechanism for IKEv2 fragmentation, it is unlikely that this ever gets implemented in strongSwan. We support IKE fragmentation for both IKEv1 and IKEv2 now, which is IMO the better choice.

Regards
Martin

Project

General

Profile

strongSwan

Issues

Feature #830

Can I use tcp protocol to establish strongswan?

History

#1 Updated by Martin Willi over 10 years ago