Re: Is anyone successfully using IPSec along with Windows Server 2016 (1709)?


A William Martin
 

Thanks, Aaron.

A couple of notes: The Garden Windows team has started working on contributing to the Envoy Windows support. We're betting on this as the most likely path forward for data-in-motion security, along with Istio support.

We're still planning how long the team (along with BOSH Windows) can maintain 2012 R2 support (as supporting a new Windows OS every 6 months is important but tedious). Our current thinking is to maintain it for about 12 months from now to give us time to achieve parity on the 2016 stack.

William


On Thu, Jun 14, 2018 at 12:04 PM Aaron Huber <aaron.m.huber@...> wrote:
Just to close on this, Microsoft has confirmed that this is expected for now: using IPSec along with WinNAT is not supported in 1709, 1803, or the upcoming Windows Server 2019. They are considering it for inclusion in a future release but there is no timeline. For now there is no way to encrypt the traffic between the gorouter and the containers on Windows, which will prevent us (and others, I'm sure) from moving off of Windows Server 2012 R2 for legacy .NET apps. Hopefully Envoy will be working on Windows soon (https://github.com/envoyproxy/envoy/issues/129) so we can remove the IPSec dependency.

Aaron
