[strongSwan] Strange issue with Windows 7 IKEv2
Vukovics Mihaly
vm at informatik.hu
Tue Aug 23 17:49:14 CEST 2016
Hello,
there is a Strongswan roadwarrior configured to send fragmented ISAKMP
packets to the clients. The client is behind NAT (Debian Jessie,
IPTABLES). The fragmented UDP packets are reassembled on the gateway
(internal LAN interface JUBMO packet enabled), and thus the Client
cannot read the IKEv2 Auth answer.
Is there any way to tell IPTABLES not to reassemble UDP packets, or give
a smaller amount of MTU, like TCPMSS target?
BR,
Mihaly
More information about the Users
mailing list