New accepted Nuts-n-bolts talk.
Many network middleboxes either muck with or block all UDP traffic; this includes IKE and IPsec. They are, however, happy to allow TCP connections through because they appear to be web traffic.
Sabrina will describe how to get the middleboxes happy with TCP by introducing encapsulation over standard TCP connections based on RFC 8229. She will further describe the implementation approach, which utilizes existing kernel infrastructure (the TCP upper layer protocol (ULP) mechanism and stream parser), and finally how it can be used by userspace IKE daemons.
https://netdevconf.org/0x13/session.html?talk-ipsec-encap
cheers, jamal
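
The RFC 8229 framing mentioned in the announcement, as an added example that is not part of the original message and not code from the talk or the kernel implementation: a userspace C sketch that checks the stream prefix and splits a TCP byte stream into IKE and ESP messages. The function and enum names are hypothetical, and handing back short frames unclassified is a choice of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* RFC 8229 stream: 6-byte prefix "IKETCP" from the TCP originator, then
 * frames of [16-bit big-endian Length, counting its own 2 bytes][message].
 * An IKE message is preceded by a 4-byte all-zero Non-ESP Marker; an ESP
 * packet starts directly with its (non-zero) SPI. */
enum frame_kind { FRAME_NEED_MORE, FRAME_IKE, FRAME_ESP, FRAME_OTHER, FRAME_BAD };

/* 1 = prefix present, 0 = need more bytes, -1 = not an RFC 8229 stream. */
int check_prefix(const uint8_t *buf, size_t len)
{
    size_t n = len < 6 ? len : 6;
    if (memcmp(buf, "IKETCP", n) != 0)
        return -1;
    return len >= 6;
}

/* Classify the frame at buf; on a complete frame set payload/plen/used. */
enum frame_kind next_frame(const uint8_t *buf, size_t len,
                           const uint8_t **payload, size_t *plen, size_t *used)
{
    static const uint8_t marker[4] = { 0, 0, 0, 0 };
    size_t total, skip;
    if (len < 2)
        return FRAME_NEED_MORE;
    total = ((size_t)buf[0] << 8) | buf[1];
    if (total < 2)
        return FRAME_BAD;          /* Length cannot even cover itself */
    if (len < total)
        return FRAME_NEED_MORE;    /* TCP delivered a partial frame */
    skip = (total >= 6 && memcmp(buf + 2, marker, 4) == 0) ? 6 : 2;
    *payload = buf + skip;
    *plen = total - skip;
    *used = total;
    if (total < 6)                 /* too short for a marker or an SPI; */
        return FRAME_OTHER;        /* left unclassified by this example */
    return skip == 6 ? FRAME_IKE : FRAME_ESP;
}

int main(void)
{
    /* Constructed sample (bytes after the prefix): one IKE frame, one ESP frame. */
    const uint8_t s[] = { 0,10, 0,0,0,0, 'A','B','C','D', 0,10, 0x11,0x22,0x33,0x44, 1,2,3,4 };
    const uint8_t *p; size_t n, used, off = 0; enum frame_kind k;
    while ((k = next_frame(s + off, sizeof s - off, &p, &n, &used)) != FRAME_NEED_MORE
           && k != FRAME_BAD) {
        printf("kind=%d payload=%zu bytes\n", (int)k, n);
        off += used;
    }
    return 0;
}
```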