[strongSwan] StrongSwan support for IPsec pre-fragmentation

Harry Chan-Maestas harry.chan.maestas at gmail.com
Sun Mar 8 01:27:40 CET 2015


Hi Noel,

Thank you very much for the hint. I will give it a try.

Harry

On Sat, Mar 7, 2015 at 6:53 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:

>
> Hello Harry,
>
> As IPsec processing is done by the kernel using policies and the routing
> is configured using the routing table, you need to set the MTU on the
> routes to your endpoints. As strongSwan manages its own routing table,
> you need to make strongSwan set the MTU by itself.
> You can make it do that by setting charon.plugins.kernel-netlink.mtu in
> strongswan.conf to the MTU you want.
> That option is available since version 5.2.2.
>
> Kind regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> On 07.03.2015 at 02:42, Harry Chan-Maestas wrote:
> > Hi,
> >
> > I am a new StrongSwan user, having switched recently from racoon, and I
> > have a question about IPsec packet fragmentation.
> >
> > In racoon, there is a configuration option "esp_frag". When enabled,
> > racoon will set IPsec to fragment jumbo frames before ESP is applied. I
> > have been looking through StrongSwan's Wiki, but have not found any
> > configuration options which would achieve that effect.
> >
> > Would anyone have some suggestions on alternative methods I can take?
> >
> > Any help would be appreciated.
> >
> > Thank you,
> >
> > Harry
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>