4. Does pfsense support Cisco VPN Client using IPSEC over TCP (port 10000)??

Does pfsense support Cisco VPN Client using IPSEC over TCP (port 10000)??

  • A

    Am attempting to connect via an IPSEC VPN to a pfsense server (Release 2.2)

    The Cisco VPN client works fine with "IPSEC over UDP" but when "IPSEC over TCP" is selected, I can see (via packet capture) that the TCP SYN packets are arriving at the pfsense server, but are being ignored….??
    All firewall rules seem to be correct.

    Am puzzled and not sure if it is even supported?

    Thanks in advance.

    0
  • M

    No, IKE (and ESP) over TCP is not supported by strongSwan. Given the issues IPsec-over-TCP has and that IETF defines a mechanism for IKEv2 fragmentation, it is unlikely that this ever gets implemented in strongSwan. We support IKE fragmentation for both IKEv1 and IKEv2 now, which is IMO the better choice.

    Regards
    Martin

    https://wiki.strongswan.org/issues/830

    0
  • C

    That's generally not something you'll find outside of Cisco devices. It's not good to tunnel over TCP anyway, stick with UDP.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy