[strongSwan] encryption of fragmented packets in linux

Shashidhar Patil shashi_patil77 at yahoo.com
Fri Aug 23 06:18:17 CEST 2013

has some one tried these scenarios ?
expert advice on this  is very much appreciated.

Best Regards,
Shashidhar Patil

>From: Shashidhar Patil <shashi_patil77 at yahoo.com>
>To: "users at lists.strongswan.org" <users at lists.strongswan.org> 
>Sent: Thursday, August 22, 2013 10:07 AM
>Subject: [strongSwan] encryption of fragmented packets in linux
> Hi,
>Is it possible to enable encryption of fragments in Linux ?
>I'm lookin at the following scenarios:
>	1. the security GW (Linux PC with strongswan) receives IP fragments which needs to encrypted 
>	2. The Linux applies encryption on these fragments directly with appropriate (matching) policy (and sends them as independant ESP packets)
>	1. Linux receives a plain packet which needs to be encrypted but the size of packet will become more than the MTU of the interface on which it needs to be transmitted, after the encryption.
>	2. Linux should do this look-ahead calculation and fragment the IP packet and then encrypt those framgents as independant ESP packets.
>Is it possible to achieve either of these options on Linux.
>Are there any settings on Linux to achieve this ?
>Best Regards,
>Shashidhar Patil
>Users mailing list
>Users at lists.strongswan.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130822/300fb7a4/attachment.html>

More information about the Users mailing list