[strongSwan] IKEv1 fragmentation support for Windows clients
Volker Rümelin
vr_strongswan at t-online.de
Sun Oct 6 12:28:41 CEST 2013
Hi strongSwan developers,

Sometimes I have problems building up a VPN connection to strongSwan
with my Windows clients because of misconfigured or broken routers
dropping IP fragments. A few months ago I tried to enable IKEv1
fragmentation support for Windows clients with a small patch. This works
for Windows XP clients, but breaks Windows 7 L2TP/IPsec clients. It
seems Windows 7 ignores IKE fragments for the second exchange. As a
quick workaround I set fragment_size = 1196. In my case now only
messages containing certificates are sent as IKE fragments, which makes
Windows 7 clients work again.

Now I have a few patches which enable just this behaviour. With
fragmentation=onlycerts strongSwan only sends IKE fragments if the peer
supports it and the message contains certificates.

Before I continue I would like to know if this is something you can
accept for the repository?

Thanks,
Volker