[strongSwan-dev] FW: query regarding charon.fragment_size !
Tobias Brunner
tobias at strongswan.org
Thu Jul 7 09:59:55 CEST 2016
Hi Pavan,
> 1. Why isnt *charon.fragment_size* enabled by default in code i.e. IKE
> FRAG Enabled by default ?
> What is the rationale behind it to enable specifically in strong
> swan.conf
As documented on [1] or in the man page, you don't have to set that
value in strongswan.conf. If it is not specified address family
specific default values apply (1280 for IPv6 and 576 for IPv4).
But IKE fragmentation has to be enabled explicitly with
fragmentation=yes in ipsec.conf or swanctl.conf.
> 2. What are the frag size supported in case of IPv4 and IPv6 ? Or
> implementation is same in the code.
As documented, whatever you set in charon.fragment_size is used for both
address families.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
More information about the Dev
mailing list