[Openswan Users] ipsec over tcp?

tgrzelak at wktpolska.com.pl tgrzelak at wktpolska.com.pl
Fri Jan 7 19:43:01 CET 2005


On Fri, 7 January 2005 16:43, you wrote:
> On Fri, 7 Jan 2005, Tomasz Grzelak wrote:
> > I've got problems in overloaded networks, where ipsec connections tear
> > down often (after several minutes), probably because of keepalive packets
> > being lost.
> >
> > Is it possible to set up a vpn (a windows ipsec/l2tp/ppp client to the
> > openswan 2.2.0) over tcp, not udp encapsulation?
>
> you can't build a tcp state on top of ipsec. the ipsec protocol has no
> three way handshake or acks. Apart from tcp being trivial to kill with an
> RST packet.

I meant something like NAT-T, but over TCP not UDP. I don't know if such a 
thing exists at all...

> > And maybe there's another way to reach the goal?
>
> Fix your network. VLAN it, subnet it, kill the traffic on it, QoS it.

Unfortunately that's not my network. It's the ISP's GPRS network, and I can do
nothing about it.
I must say that my vpn works fine even on a dialup network with an analog
modem (no teardowns), but on a GPRS network it is pathetic :(

Tom

