Netgate Discussion Forum

    Does pfsense support Cisco VPN Client using IPSEC over TCP (port 10000)??

      AaronWalker

      Am attempting to connect via an IPSEC VPN to a pfSense server (Release 2.2).

      The Cisco VPN client works fine with "IPSEC over UDP", but when "IPSEC over TCP" is selected, I can see (via packet capture) that the TCP SYN packets are arriving at the pfSense server, but are being ignored...?
      All firewall rules seem to be correct.

      Am puzzled and not sure if it is even supported?

      Thanks in advance.

        MrMoo

        No, IKE (and ESP) over TCP is not supported by strongSwan. Given the issues IPsec-over-TCP has and that IETF defines a mechanism for IKEv2 fragmentation, it is unlikely that this ever gets implemented in strongSwan. We support IKE fragmentation for both IKEv1 and IKEv2 now, which is IMO the better choice.

        Regards
        Martin

        https://wiki.strongswan.org/issues/830

          cmb

          That's generally not something you'll find outside of Cisco devices. It's not good to tunnel over TCP anyway; stick with UDP.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.