Tuesday, November 6, 2018

About Chinese Great Firewall and IPsec

https://www.reddit.com/r/networking/comments/715q8s/all_of_our_ipsec_vpn_tunnels_from_china_went_down/

Not every IPsec connection will be blocked; I tried many times. It seems that:

1. Certificate-based authentication will certainly be blocked; PSK and IKEv2 are okay.

2. Avoid transmitting ANY parameter in IKE, including leftid/rightid; the key exchange process should be as simple and fast as possible.

My solution: a very long and complex PSK for both left and right authentication, and no extra parameters during IKE, i.e. do not define leftid/rightid.
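
A sketch of the setup described above, as an added example that is not the author's own configuration: it assumes strongSwan's `ipsec.conf`/`ipsec.secrets` syntax (where `leftid`/`rightid` are configuration keys), and the connection name, addresses and subnets are constructed placeholders. The PSK comes from the kernel CSPRNG rather than a typed passphrase, because a guessable PSK can be attacked offline by anyone who can act as an IKE peer.

```bash
#!/usr/bin/env bash
# Added example: render a PSK-only IKEv2 connection with no explicit IDs.
# strongSwan ipsec.conf syntax is an assumption; all addresses are
# constructed (RFC 5737 / RFC 1918) and "site-to-site" is a hypothetical name.
set -eu

# 48 bytes from the kernel CSPRNG, base64-encoded: a 64-character PSK
# with no quotes or newlines, so it is safe inside ipsec.secrets.
gen_psk() {
    head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# render_conf LOCAL_IP REMOTE_IP LOCAL_NET REMOTE_NET
# No leftid/rightid and no certificates: with the IDs unset, each side's
# identity defaults to its IP address.
render_conf() {
    cat <<EOF
conn site-to-site
    keyexchange=ikev2
    leftauth=psk
    rightauth=psk
    left=$1
    right=$2
    leftsubnet=$3
    rightsubnet=$4
    auto=start
EOF
}

# render_secrets LOCAL_IP REMOTE_IP PSK
# The secret is selected by the two peer addresses, matching the default IDs.
render_secrets() {
    printf '%s %s : PSK "%s"\n' "$1" "$2" "$3"
}

# Demo run: print both files. In real use, redirect the second output
# into a root-owned file with mode 0600 and copy it to the peer out of band.
psk=$(gen_psk)
render_conf 192.0.2.10 198.51.100.20 10.1.0.0/24 10.2.0.0/24
render_secrets 192.0.2.10 198.51.100.20 "$psk"
```
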


