[strongSwan] encryption of fragmented packets in linux

Shashidhar Patil shashi_patil77 at yahoo.com
Thu Aug 22 06:37:20 CEST 2013


Is it possible to enable encryption of fragments in Linux ?

I'm lookin at the following scenarios:
	1. the security GW (Linux PC with strongswan) receives IP fragments which needs to encrypted 
	2. The Linux applies encryption on these fragments directly with appropriate (matching) policy (and sends them as independant ESP packets)
	1. Linux receives a plain packet which needs to be encrypted but the size of packet will become more than the MTU of the interface on which it needs to be transmitted, after the encryption.
	2. Linux should do this look-ahead calculation and fragment the IP packet and then encrypt those framgents as independant ESP packets.
Is it possible to achieve either of these options on Linux.
Are there any settings on Linux to achieve this ?
Best Regards,
Shashidhar Patil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130821/a895eaf5/attachment.html>

More information about the Users mailing list