[strongSwan] IKE and IPsec over TCP through HTTP proxy CONNECT method?

Noel Kuntze noel at familie-kuntze.de
Fri Oct 25 00:57:45 CEST 2013



Hello Robert,

IPsec can be tunneled over any protocol (as any protocol can), but I have yet to see a piece of software that does that.
IPsec is a VPN by itself, and tunnelling it through HTTP/TCP will deteriorate the service's performance, hence I don't think anybody has done it yet.
It is based on UDP and works on ports 500 and 4500, and hence even a packet-based firewall will be able to distinguish it from HTTP.
OpenVPN can work over TCP and UDP and hence can be used to fool non-DPI firewalls.
Like I wrote above, if you can tunnel IPsec over SSH or, even better, over HTTP, you can use it in an HTTP-only environment.

Regards
Noel Kuntze

On 25.10.2013 00:51, Robert Tribb wrote:
>
> Is there any hope of running IKE and the IPsec tunnel mode from a network where internet access is only permitted through an HTTP proxy?
>
> Many proxies allow the HTTP CONNECT method, usually for connection to an external host listening on port 443. Many people leave their SSH servers listening on 443 to tunnel / port forward from HTTP(S)-only environments. I hear that OpenVPN works that way.





