[strongSwan] Strange issue with Windows 7 IKEv2
vm at informatik.hu
Tue Aug 23 17:49:14 CEST 2016
there is a Strongswan roadwarrior configured to send fragmented ISAKMP
packets to the clients. The client is behind NAT (Debian Jessie,
IPTABLES). The fragmented UDP packets are reassembled on the gateway
(internal LAN interface JUBMO packet enabled), and thus the Client
cannot read the IKEv2 Auth answer.
Is there any way to tell IPTABLES not to reassemble UDP packets, or give
a smaller amount of MTU, like TCPMSS target?
More information about the Users