hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

how to configure ipsec vpn over tcp port #1532

Closed algoritmsystems closed 7 months ago

algoritmsystems commented 7 months ago

How to configure an IPsec VPN over a TCP port?

hwdsl2 commented 7 months ago

@algoritmsystems Hello! Please refer to: #1302 and #1450.

algoritmsystems commented 7 months ago

Thanks!

letoams commented 7 months ago

If both ends are libreswan you can do it by enabling RFC 8229 support, see the client and server config in this test case: https://github.com/libreswan/libreswan/blob/main/testing/pluto/ikev2-tcp-01-listen-default/east.conf

Basically, add enable-tcp=yes in the connection and listen-tcp=yes in "config setup" on both ends.

You can use ikeport and tcp-remote-port for changing the port, although usually 4500 TCP works fine.

algoritmsystems commented 7 months ago

Thanks @letoams, but it would be better if the script asked for the choice of transport during installation.

letoams commented 7 months ago

On Tue, 5 Mar 2024, algoritmsystems wrote:

> Thanks @letoams, but it would be better if the script asked for the choice of transport during installation.

I think at this point the script should probably:

And allow all connections to use TCP 4500.

When using libreswan as a client, the connection should also have tcp-remoteport=4500.

Paul
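As an added illustration of the two comments above (not configuration from the setup-ipsec-vpn project or from the libreswan test case linked earlier), here is a minimal libreswan `ipsec.conf` fragment for each end. The connection name, addresses, certificate names and the client-side `tcp-remoteport` spelling follow the later comment in this thread; the earlier comment writes it as `tcp-remote-port`, so check `man ipsec.conf` on your libreswan version before relying on either. Everything else in the fragment is a constructed placeholder.

```ini
# ---- Server (responder) side: /etc/ipsec.conf fragment (constructed example) ----
config setup
    # Accept IKE and ESP encapsulated in TCP (RFC 8229) in addition to UDP.
    # Assumes a libreswan build and kernel with RFC 8229 support.
    listen-tcp=yes

conn ikev2-tcp-example
    # Placeholder values; replace with the server's real address and cert names.
    left=203.0.113.10
    leftid=@vpn.example.invalid
    leftcert=vpn.example.invalid
    leftsubnet=0.0.0.0/0
    right=%any
    rightaddresspool=10.10.10.10-10.10.10.200
    ikev2=insist
    # Let this connection be negotiated over TCP as well as UDP.
    enable-tcp=yes
    # Default TCP port is 4500; set ikeport=... only if you need another one.
    auto=add

# ---- Client (initiator) side: /etc/ipsec.conf fragment (constructed example) ----
config setup
    listen-tcp=yes

conn ikev2-tcp-example
    left=%defaultroute
    leftid=@client.example.invalid
    leftcert=client.example.invalid
    right=203.0.113.10
    rightid=@vpn.example.invalid
    rightsubnet=0.0.0.0/0
    ikev2=insist
    # Initiate over TCP; pair it with the server's listening TCP port.
    enable-tcp=yes
    tcp-remoteport=4500
    auto=start
```

On the server, the host firewall must admit TCP 4500 in addition to the usual UDP 500/4500, and after `ipsec restart` you can confirm the listener with `ss -tlnp | grep 4500`. Keeping UDP open alongside TCP matters for detection and troubleshooting: TCP encapsulation adds head-of-line blocking and is meant as a fallback for networks that drop UDP, not as the default transport.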

algoritmsystems commented 7 months ago

Yes! Also, it would be better to add a function to the script for choosing between IKE, L2TP and Cisco XAuth.

letoams commented 7 months ago

On Mar 6, 2024, at 06:14, algoritmsystems @.***> wrote:

> Yes! Also, it would be better to add a function to the script for choosing between IKE, L2TP and Cisco XAuth.

Honestly, at this point I think it’s valid to no longer support any IKEv1 based solution.

New deployments shouldn’t use it. Clients supporting these do so in old/legacy mode. All modern platforms support IKEv2 now.

Paul

algoritmsystems commented 7 months ago

Sure, I meant v2