[strongSwan] Strange issue with Windows 7 IKEv2

Vukovics Mihaly vm at informatik.hu
Tue Aug 23 17:49:14 CEST 2016


Hello,

there is a strongSwan roadwarrior configured to send fragmented ISAKMP 
packets to the clients. The client is behind NAT (Debian Jessie, 
IPTABLES). The fragmented UDP packets are reassembled on the gateway 
(internal LAN interface JUMBO packet enabled), and thus the Client 
cannot read the IKEv2 Auth answer.

Is there any way to tell IPTABLES not to reassemble UDP packets, or give 
a smaller amount of MTU, like TCPMSS target?


BR,

Mihaly



