[strongSwan] using 500/tcp
harri at afaics.de
Sat Jul 16 22:32:43 CEST 2016
-----BEGIN PGP SIGNED MESSAGE-----
I am using IPv6 over IPv4 at home (via sixxs.net). No NAT.
Problem: The mtu of this tunnel is less than 1500. On the
first run IKEv2 on my Mac fails with icmp6 "Packet Too Big".
Since the protocol is udp there is no packet to fragment and
resend, which means a 10 seconds delay until a higher network
layer wakes up and tries to authenticate again. Then it works.
Looking at this I wonder if it is reasonable to ignore 500/tcp
Of course I saw https://wiki.strongswan.org/issues/830, but
IMHO the fragment feature in strongsan doesn't really help in
this case. The "Packet Too Big" is returned by the IPv6 tunnel.
Strongswan on the peer did not see any incoming packet to
Every helpful comment is highly appreciated
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the Users