cisco vpn because of ipsec over tcp

Paul Wouters paul at cypherpunks.ca
Fri Jan 13 00:22:03 UTC 2012


On Thu, 12 Jan 2012, Matej Cepl wrote:

> On 14.11.2011 17:49, Lucas wrote:
>> Has anyone here tried to compile cisco vpn for Fedora 16 - 32 or 64
>> bit? I need it sometimes and it should support ipsec over tcp,
>> unfortunately nothing in unix can provide it.

I am not sure if the tcp port 10000 can be implemented from a cisco
licence point of view. If any kind of fake tcp is implemented to tunnel
IPsec, it's probably best to stick it on port 443. The Tor people know a
lot about faking https traffic to circumvent a lot of deep packet
inspectors.

But really, if a network administrator blocks udp 4500 so that IPsec
NAT-T is failing, you are basically on a network where IPsec is not
welcome. Whether you should attempt port 10000 tcp on such a network, I
don't know...

> Also, I use pretty happily openswan (via NetworkManager-openswan, you 
> probably need most recent versions) with our Cisco concentrators.

Perhaps it is time to turn these Ciscos into RHEL servers with openswan
:)

Paul