[strongSwan] IKE and IPsec over TCP through HTTP proxy CONNECT method?

Noel Kuntze noel at familie-kuntze.de
Fri Oct 25 00:58:22 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Robert,

IPsec can be tunneled over any protocol (as any protocol can), but I have yet to see a piece of software that does that.
IPsec is a vpn by itself and tunnelling it through http/tcp will deteriorate the service's performance, hence I don't think somebody did it yet.
It is based on UDP and works on the ports 500 and 4500 and hence even packet based firewall will be able to distinguish it from http.
OpenVPN can work over tcp and udp and hence can be used to fool non-dpi firewalls.
Like I wrote above, if you can tunnel IPsec over ssh or even better, over http, you can use it in a HTTP-only environment.

Regards
Noel Kuntze
On 25.10.2013 00:51, Robert Tribb wrote:
>
>
> Is there any hope of running IKE and the IPsec tunnel mode from a network where internet access is only permitted through a HTTP proxy?
>
> Many proxies allow the HTTP CONNECT method, usually for connection to an external host listening on port 443.  Many people leave their ssh servers listening on 443 to tunnel / port forward from HTTP(S)-only environments.  I hear that OpenVPN works that way.
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSaaYOAAoJEDg5KY9j7GZY61EQAIXAxol+UisT2C8+RhvqeNa5
a6hb7Zq6+Si3xQFQ/dFMDLyTnQdA2/3Tv7Xp4AYlTCDFUn5S3CdC1nM6pTZVgtog
KHNyGhnupuKr7xiis2ebshMB/VUYSX+fATi5uv0En9h6/pVpCalEB85y6iRENKh0
XV1ALd6tcTFLCaXl+ZCIbUN+XxAKmU4Iu05oVukaF6qWHXmn28FNJiApvaASnlEw
NeszxOdRsVdtSVh4o2t4ZwvvEOY0bBSj0j4V+E0dU52JTimnuuI7t2JXd6YqQplr
BYxcB6Br/yYKZgKg89SSPMFHcbV/e79oltPo+KRSyfvDqoZhKX2f7Gbb6VHtaF5A
VDAxcUfVIfNeyyWdT+bVLlg82ScpD6io0nyV+TeWg56JJ/Rc/DIJjqLIgiIhigAu
N4GK0+qGRSsNVCqNK6DRI+7AayhZ0bsTheN2o/I0ebcXYlmgo/ay35ARuXY3ZIFE
0FM7AIYnbDejjXqTBFeXalJekj8d6jWZoulBoqIeaPjunYZiUMOLUSqJqQgK1wEt
bIN09gJGcRSoEgm/tmb8qzpgO9HoGF2CoFlAeI2SUAth9UHq9ocUE5GyJAwOTnAF
n5b47EzO2xP8oYXk08/euQJetu7fOASHicOJol0FkZwNiP5Km+XwTIC3C+aqh4fa
6Al+oAYpgT0wJmOBJMXY
=6+78
-----END PGP SIGNATURE-----





More information about the Users mailing list