[strongSwan] Issue with ipv6 fragmented packets

Sunny Kumar Sunny2.Kumar at aricent.com
Thu Jan 7 06:38:05 CET 2016


I am using strongswan client for EAP-AKA scenario. Also I am using Strongswan 5.2.2.

I am able to establish a call with IPv6 and the virtual IP assigned to client is IPv4. Now when I am initiating a ping  of size less than MTU then ping is working fine, I can see IPv4 icmp packets encapsulated within IPv6 ESP packets. When I am trying to initiate a ping of size greater than MTU then I can see ICMP checksum is incorrect and I am suspecting the way inner ICMP packets are fragmented is incorrect.

Can anyone help me with this issue. If this is a kernel issue then is there any fix for that ?

I have attached the wireshark logs for ping packets of size 1600 bytes (MTU set to 1500 bytes). Key details to decrypt the wireshark is also attached to this mail.

Thanks and Regards,
"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160107/5983f025/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wireshark_log.pcap
Type: application/octet-stream
Size: 6324 bytes
Desc: wireshark_log.pcap
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160107/5983f025/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: decryption_keys.PNG
Type: image/png
Size: 19704 bytes
Desc: decryption_keys.PNG
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160107/5983f025/attachment-0001.png>

More information about the Users mailing list