[strongSwan] [Strongswan] Fragmented IP Packets are not encrypted in Strongswan
SaRaVanAn
saravanan.nagarajan87 at gmail.com
Mon Jun 25 17:18:14 CEST 2012
Hi All,
I formed a site-to-site tunnel in strongSwan using IKEv2 tunnel mode.
Router1 ------------- Router2
I have sent ping packets of size 2000 bytes from router1 to router2. I could
see that the packets are fragmented into 2 fragments of size 1514 and 622. But
only one fragment is encrypted by ESP and I was able to see the data in the
other fragment, even though its upper-layer protocol is ESP. I have attached the
packet dump captured using Wireshark for your reference.
Please provide your inputs on this.
Regards,
Saravanan N
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fragmented_ES_packet_dump
Type: application/octet-stream
Size: 1883367 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120625/e1835b23/attachment.obj>
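
Added example, not part of the original post: a size model of one ESP tunnel-mode packet that is fragmented by IPv4 after encryption, for comparison with the frame sizes seen in a capture. The cipher parameters (AES-CBC with a 16-byte IV, 96-bit ICV), the 1500-byte MTU, Ethernet framing and the absence of NAT-T are assumptions; the post does not state them.

```python
# Added example: models IPv4 fragmentation of one ESP tunnel-mode packet.
# Assumed (not stated in the post): AES-CBC (16-byte IV and block size),
# 96-bit ICV, 1500-byte MTU, no NAT-T UDP encapsulation, no IP options.
IP_HDR, ICMP_HDR, ETH_HDR, ESP_HDR, ESP_TRAILER = 20, 8, 14, 8, 2

def esp_tunnel_payload_len(inner_len, iv=16, block=16, icv=12):
    """Bytes following the outer IP header: SPI/seq + IV + ciphertext + ICV."""
    plain = inner_len + ESP_TRAILER            # inner packet + pad-length + next-header
    ciphertext = -(-plain // block) * block    # round up to the cipher block size
    return ESP_HDR + iv + ciphertext + icv

def fragment(payload_len, mtu=1500):
    """Split an IP payload at the MTU; returns one dict per fragment."""
    step = (mtu - IP_HDR) // 8 * 8             # fragment offsets count 8-byte units
    frags = []
    for off in range(0, payload_len, step):
        size = min(step, payload_len - off)
        frags.append({
            "offset": off,
            "more_fragments": off + size < payload_len,
            "frame_len": ETH_HDR + IP_HDR + size,
            # Only the fragment at offset 0 holds the ESP header (SPI and
            # sequence number); later fragments carry continuation bytes
            # of the same ESP payload under IP protocol 50.
            "has_esp_header": off == 0,
        })
    return frags

def model_ping(ping_size):
    """Fragments of the outer packet for an echo request with ping_size data bytes."""
    inner = IP_HDR + ICMP_HDR + ping_size      # the cleartext inner packet
    return fragment(esp_tunnel_payload_len(inner))

if __name__ == "__main__":
    for frag in model_ping(2000):
        print(frag)
```

Under these assumptions, `model_ping(2000)` returns two fragments with frame lengths of 1514 and 622 bytes, and only the first one contains the ESP header.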