[strongSwan] [strongswan] - Fragmentation in ikev2
sriram.ec at gmail.com
Wed Aug 6 08:14:27 CEST 2014
I have installed strongswan-5.2.0 on both the linux peers.
I m trying to establish the tunnel using certificates.
Since I have 2 levels of certificate Authorities( SubCA and RootCA)
IKE_AUTH message containing cert payloads is exceeding mtu(1500)..
IKE_AUTH is getting fragmented after encryption at layer 3. This situation
is ok, as the other end which is also a linux box is able to reassemble and
But the large IKE_AUTH getting fragmented at ip level is not desirable
because of some firewall rules.
So I want to enable fragmentation feature, where multiple IKE_AUTHs are
For that reason I added "fragmentation=yes" in ipsec.conf on both the
but it is not taken into effect.
Let me know if I need to do something other than adding fragmentation=yes
in ipsec.conf, even I tried with fragmentation=force, but that didnt help
Any help in this regard is appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users