[Openswan Users] ipsec over tcp?

Paul Wouters paul at xelerance.com
Fri Jan 7 16:43:53 CET 2005

On Fri, 7 Jan 2005, Tomasz Grzelak wrote:

> I've got problems in overloaded networks, where ipsec connections tear down
> often (after several minutes), probably because of keepalive packets being
> lost.
> Is it possible to set up a vpn (a windows ipsec/l2tp/ppp client to the
> openswan 2.2.0) over tcp, not udp encapsulation?

You can't build a tcp state on top of ipsec. The ipsec protocol has no
three-way handshake or acks. Apart from tcp being trivial to kill with an
RST packet.

> And maybe there's another way to reach the goal?

Fix your network. VLAN it, subnet it, kill the traffic on it, QoS it.

