pfSense

Got a IPSEC IKEv2 Tunnel up and running where a linux client connects to the pfsense 2.2.2 server. When connecting i got the following message:

received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding

From the following RFC of an IPsec implementation, TFC should be implemented.

https://tools.ietf.org/html/rfc4303#page-17

From strongswan doc (ipsec.conf) TFC is defined by:

tfc = <value>

number of bytes to pad ESP payload data to. Traffic Flow Confidentiality is currently supported in IKEv2 and applies to outgoing packets only. The special value %mtu fills up ESP packets with padding to have the size of the MTU.

By looking in freebsd release 10.1 (which is the one pfSense is running) it also looks like TFC should be supported.

https://www.freebsd.org/cgi/man.cgi?query=ipsec.conf&apropos=0&sektion=5&manpath=FreeBSD+Ports+10.1-RELEASE&arch=default&format=html

So it looks like TFC isn't supported in pfSense or the option is just missing in the webConfigurator even though it should be supported.