RFC 8229 (TCP Encapsulation for IPsec) support merged
RFC 8229 (TCP Encapsulation for IPsec) support merged
Posted Jan 31, 2020 14:30 UTC (Fri) by hailfinger (subscriber, #76962)Parent article: The 5.6 merge window opens
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...
Cover letter: https://marc.info/?l=linux-netdev&m=157468978806473&...
For some networks, all non-TCP communication to the outside is blocked, so you can neither use UDP encapsulation nor raw ESP to establish an IPsec tunnel. With these patches, you can finally use port 443/TCP to establish an IPsec tunnel. Obviously, tunneling e.g. TCP over TCP has some drawbacks, but at least the option does exist now.
@corbet: Would it be possible to mention this in the article (or a followup) in the network section? Thanks!
Posted Jan 31, 2020 16:49 UTC (Fri)
by josh (subscriber, #17465)
[Link]
Posted Feb 11, 2020 2:21 UTC (Tue)
by shef (subscriber, #91287)
[Link]
RFC 8229 (TCP Encapsulation for IPsec) support merged
RFC 8229 (TCP Encapsulation for IPsec) support merged