[strongSwan] [strongswan] - Fragmentation in ikev2
Sriram
sriram.ec at gmail.com
Wed Aug 6 08:14:27 CEST 2014
Hello,

I have installed strongswan-5.2.0 on both Linux peers.
I'm trying to establish the tunnel using certificates.

Since I have 2 levels of certificate authorities (SubCA and RootCA), the
IKE_AUTH message containing cert payloads is exceeding the MTU (1500).
IKE_AUTH is getting fragmented after encryption at layer 3. This situation
is OK, as the other end, which is also a Linux box, is able to reassemble and
decrypt.

But the large IKE_AUTH getting fragmented at the IP level is not desirable
because of some firewall rules.
So I want to enable the fragmentation feature, where multiple IKE_AUTHs are
sent.

For that reason I added "fragmentation=yes" in ipsec.conf on both
peers, but it does not take effect.

Let me know if I need to do something other than adding fragmentation=yes
in ipsec.conf. I even tried fragmentation=force, but that didn't help
either.

Any help in this regard is appreciated.

Regards,
Sriram.
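
An added example, not part of the original post: it shows what layer-3 fragmentation does to an oversized IKE_AUTH datagram and why a port-based filter cannot match the later fragments. The packet sizes, addresses (192.0.2.x) and the assumption that the firewall rules in question match on UDP ports 500/4500 are constructed for illustration.

```python
import struct

IKE_PORTS = {500, 4500}  # IKE and NAT-T UDP ports

def fragment_udp(payload_len, mtu=1500, sport=500, dport=500, ident=0x1234):
    """Build the IPv4 fragments (constructed sample data) that a UDP datagram
    with payload_len bytes of payload produces on a link with the given MTU."""
    udp = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0) + bytes(payload_len)
    step = (mtu - 20) // 8 * 8  # data per fragment must be a multiple of 8
    frags = []
    for off in range(0, len(udp), step):
        chunk = udp[off:off + step]
        mf = 0x2000 if off + step < len(udp) else 0  # More Fragments flag
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk), ident,
                          mf | (off // 8), 64, 17, 0,  # checksum left at 0
                          bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frags.append(hdr + chunk)
    return frags

def classify_ipv4(packet):
    """Report fragmentation state and, where visible, the UDP ports."""
    ver_ihl, _, _, ident, flags_off, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    mf = bool(flags_off & 0x2000)
    offset = (flags_off & 0x1FFF) * 8
    ports = None
    # Only the first fragment (offset 0) carries the UDP header.
    if proto == 17 and offset == 0 and len(packet) >= ihl + 4:
        ports = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"id": ident, "fragment": mf or offset > 0,
            "mf": mf, "offset": offset, "ports": ports}

def port_rule_matches(packet, ports=IKE_PORTS):
    """Emulate a stateless 'allow UDP dport 500/4500' rule (an assumed rule type)."""
    info = classify_ipv4(packet)
    return info["ports"] is not None and info["ports"][1] in ports

if __name__ == "__main__":
    # Constructed case: a 2000-byte IKE_AUTH with a two-level cert chain.
    for pkt in fragment_udp(2000):
        print(classify_ipv4(pkt), port_rule_matches(pkt))
```

With IKE-level fragmentation each piece is its own UDP datagram with its own port numbers, so every packet is visible to such a rule.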