[strongSwan] Issue with ipv6 fragmented packets

sunny kumar sunnykumar.18jun at gmail.com
Fri Jan 8 13:01:23 CET 2016


I am using strongswan client for EAP-AKA scenario. Also I am using
Strongswan 5.2.2.

I am able to establish a call with IPv6 connection and the virtual IP
assigned to the client is IPv4. Now when I am initiating a ping  of size
less than MTU then ping is working fine, I can see IPv4 icmp packets
encapsulated within IPv6 ESP packets. When I am trying to initiate a ping
of size greater than MTU then I can see ICMP checksum is incorrect and I am
suspecting the way inner ICMP packets are fragmented is incorrect.

Can anyone help me with this issue. If this is a kernel issue then is there
any fix for that ?

I have attached the wireshark logs for ping packets of size 1600 bytes (MTU
set to 1500 bytes). Key details to decrypt the wireshark is also attached
to this mail.

Thanks and Regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160108/ad29c910/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: decryption_keys.PNG
Type: image/png
Size: 19704 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160108/ad29c910/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wireshark_log.pcap
Type: application/octet-stream
Size: 6324 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160108/ad29c910/attachment-0001.obj>

More information about the Users mailing list