[strongSwan-dev] FW: query regarding charon.fragment_size !
tobias at strongswan.org
Thu Jul 7 09:59:55 CEST 2016
> 1. Why isnt *charon.fragment_size* enabled by default in code i.e. IKE
> FRAG Enabled by default ?
> What is the rationale behind it to enable specifically in strong
As documented on  or in the man page, you don't have to set that
value in strongswan.conf. If it is not specified address family
specific default values apply (1280 for IPv6 and 576 for IPv4).
But IKE fragmentation has to be enabled explicitly with
fragmentation=yes in ipsec.conf or swanctl.conf.
> 2. What are the frag size supported in case of IPv4 and IPv6 ? Or
> implementation is same in the code.
As documented, whatever you set in charon.fragment_size is used for both
More information about the Dev