[strongSwan] Post-Fragmentation for IPv6 IKEv2
Jaivik Shah
jaivikshah5 at gmail.com
Mon Sep 28 07:31:46 CEST 2015
Hi,
Here we have our security gateway box with strongswan for IKEv2 session. We
would like to perform pre-fragmentation and post-fragmentation for the
same. We were able to perform pre-fragmentation in which we can see ESP
packets are getting fragmented. But coming to post-fragmentation, we
failed. For post-fragmentation we are expecting IPv6 (OH) should get
fragment but in that also we see ESP (IH) is getting fragmented.
My question is, can we rely on below options to check pre and post
fragmentation?
[root at sabarmati etc]# sysctl -a | grep pmtu
net.ipv4.ip_forward_use_pmtu = 0
*net.ipv4.ip_no_pmtu_disc = 1*
net.ipv4.route.min_pmtu = 3000
We are checking with if *net.ipv4.ip_no_pmtu_disc = 0, it should do
pre-fragmentation.*
*If **net.ipv4.ip_no_pmtu_disc = 1, it should do post-fragmentation.*
Do we have any other options to change in strongswan kernel to make things
work as expected?
Please help us on the same ASAP.
--
Regards,
Jaivik Shah
+91 9620269196
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150928/ab93e6dc/attachment.html>
More information about the Users
mailing list