Hello,
I wanted to get a sense of WG interest in working on a standard for running
IKEv2/IPSec over a TCP (or TLS/TCP) connection to traverse networks that
currently block UDP traffic.
Here’s the link to the draft:
https://tools.ietf.org/html/draft-pauly-ipsecme-tcp-encaps-00
Abstract:
This document describes a method to transport IKEv2 and IPSec packets
over a TCP connection for traversing network middleboxes that may
block IKEv2 negotiation over UDP. This method, referred to as TCP
encapsulation, involves sending all packets for tunnel establishment
as well as tunneled packets over a TCP connection.
For clients that rely heavily on IKEv2, such as phones that use IKEv2 to
route VoIP calls over Wi-Fi back to carrier networks, working in such networks
is critical.
Please respond with your comments!
Thanks,
Tommy Pauly
Apple
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec