[Openswan Users] ipsec over tcp?

tgrzelak at wktpolska.com.pl tgrzelak at wktpolska.com.pl
Fri Jan 7 19:43:01 CET 2005

Dnia pią 7. stycznia 2005 16:43, napisałeś:
> On Fri, 7 Jan 2005, Tomasz Grzelak wrote:
> > I've got problems in overloaded networks, where ipsec connections tear
> > down often (after several minutes), probably because of keepalive packets
> > being lost.
> >
> > Is it possible to set up a vpn (a windows ipsec/l2tp/ppp client to the
> > openswan 2.2.0) over tcp, not udp encapsulation?
> you can't built a tcp state on top of ipsec. the ipsec protocol has no
> three way handshake or acks. Apart from tcp being trivial to kill with an
> RST packet.

I meant something like NAT-T, but over TCP not UDP. I don't know if such a 
thing exists at all...

> > And maybe there's another way to reach the goal?
> Fix your network. VLAN it, subnet it, kill the traffic on it, QoS it.

Unfortunatelly that's not my network. It's ISP's GPRS network, and I can do 
nothing about it.
I must say, that my vpn works fine even on a dialup network with an analog 
modem (no teardowns), but on a GPRS network it is pathetic :(


More information about the Users mailing list