Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Does pfsense support Cisco VPN Client using IPSEC over TCP (port 10000)??

    IPsec
    3
    3
    1306
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AaronWalker last edited by

      Am attempting to connect via an IPSEC VPN to a pfsense server (Release 2.2)

      The Cisco VPN client works fine with "IPSEC over UDP" but when "IPSEC over TCP" is selected, I can see (via packet capture) that the TCP SYN packets are arriving at the pfsense server, but are being ignored….??
      All firewall rules seem to be correct.

      Am puzzled and not sure if it is even supported?

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • M
        MrMoo last edited by

        No, IKE (and ESP) over TCP is not supported by strongSwan. Given the issues IPsec-over-TCP has and that IETF defines a mechanism for IKEv2 fragmentation, it is unlikely that this ever gets implemented in strongSwan. We support IKE fragmentation for both IKEv1 and IKEv2 now, which is IMO the better choice.

        Regards
        Martin

        https://wiki.strongswan.org/issues/830

        1 Reply Last reply Reply Quote 0
        • C
          cmb last edited by

          That's generally not something you'll find outside of Cisco devices. It's not good to tunnel over TCP anyway, stick with UDP.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy