[strongSwan-dev] charon-nm IKEv2 Fragmentation
Richard Laager
rlaager at wiktel.com
Thu Oct 20 05:18:07 CEST 2016
In src/charon-nm/nm/nm_service.c, on line 542 in connect_(), when
ike_cfg_create() is called, FRAGMENTATION_NO is passed:
https://git.strongswan.org/?p=strongswan.git;a=blob;f=src/charon-nm/nm/nm_service.c;h=c4dd9e05b6c9d62ffc2c69e5820d291df2dd642a;hb=HEAD#l542
Should this be FRAGMENTATION_YES instead, now that "fragmentation=yes"
is the default? In other words, is this an oversight, or is it
intentionally different (and if so, why)?
If I change that to FRAGMENTATION_YES, I can successfully connect when
IP fragments are blocked, which I cannot do with FRAGMENTATION_NO.
--
Richard
More information about the Dev
mailing list