[strongSwan] udp packet size
Fred
curious_freddy at gmsl.co.uk
Mon Mar 16 10:41:21 CET 2015
On 12/03/2015 02:35, Steffen Plotner wrote:
> Hi,
>
> Strongswan 5.2.2 on linux (centos 6) IKEv2 configuration for windows clients I have the following problem:
>
> Initiator sends IKE_SA_INIT
> Server responds with IKE_SA_INIT
> Initiator sends IKE_AUTH
> Server responds with a fragmented IP packet of 1514 bytes (the MTU is 1500 on the outgoing interface).
Just an update. Using ECDSA means these large packets are no longer an
issue. Perhaps RSA is preferred from a security point of view; I don't
know. But certainly the smaller key footprint without having to reduce
the RSA keysize or use a short DN is maybe a good solution.
More information about the Users
mailing list