[strongSwan] [Strongswan] Fragmented IP Packets are not encrypted in Strongswan

SaRaVanAn saravanan.nagarajan87 at gmail.com
Mon Jun 25 17:18:14 CEST 2012

Hi All,
   I formed a site-to-site tunnel in strongSwan using IKEv2 tunnel mode.

Router1  ------------- Router2

I have sent ping packets of size 2000 bytes from router1 to router2. I could
see that packets are fragmented into 2 fragments of size 1514 and 622. But
only one fragment is encrypted by ESP and I was able to see the data in the
other fragment, even though its upper-layer protocol is ESP.  I have attached
the packet dump captured using Wireshark for your reference.

Please provide your inputs on this.

Saravanan N
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fragmented_ES_packet_dump
Type: application/octet-stream
Size: 1883367 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120625/e1835b23/attachment.obj>
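
One way to check a capture like the one described, as an added example that is not part of the original post: parse the IPv4 header of each fragment, report where it sits in the ESP datagram, and measure the entropy of its payload. The packets, SPI and addresses are constructed; the fragment sizes are chosen to give 1514- and 622-byte frames, assuming a 14-byte Ethernet header.

```python
import hashlib, math, struct
from collections import Counter

ESP = 50  # IP protocol number for ESP

def ipv4(ident, offset, more, payload):
    """Build a minimal IPv4 header + payload (constructed data, checksum left 0)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, ESP, 0, bytes([192, 0, 2, 1]),
                       bytes([192, 0, 2, 2])) + payload

def parse(pkt):
    """Extract the fields needed to place a fragment within its datagram."""
    vihl, _, tlen, ident, fo, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    return {"id": ident, "proto": proto, "mf": bool(fo & 0x2000),
            "offset": (fo & 0x1FFF) * 8, "data": pkt[(vihl & 0xF) * 4:tlen]}

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    return -sum(c / len(data) * math.log2(c / len(data))
                for c in Counter(data).values())

def analyse(packets):
    """Per-fragment report plus the reassembled ESP datagram length."""
    frags = sorted((parse(p) for p in packets), key=lambda f: f["offset"])
    report = [{"offset": f["offset"], "ip_len": 20 + len(f["data"]),
               # SPI and sequence number exist only at offset 0 of the datagram
               "spi": struct.unpack("!I", f["data"][:4])[0] if f["offset"] == 0 else None,
               "entropy": round(entropy(f["data"]), 2)} for f in frags]
    whole = b"".join(f["data"] for f in frags)
    last = frags[-1]
    complete = not last["mf"] and last["offset"] + len(last["data"]) == len(whole)
    return report, len(whole) if complete else None

def sample():
    """Constructed stand-in for the capture: hash output plays the ciphertext."""
    body = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(65))[:2060]
    esp = struct.pack("!II", 0xC0FFEE01, 1) + body  # SPI, sequence number, opaque bytes
    return [ipv4(0x1234, 0, True, esp[:1480]), ipv4(0x1234, 1480, False, esp[1480:])]

if __name__ == "__main__":
    for row in analyse(sample())[0]:
        print(row)
```

On a real capture, feed `analyse()` the IP packets that share one Identification value, with the link-layer header stripped.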
