[strongSwan] [Strongswan-5.3.0] - Ikev2 fragmentation Question
Sriram
sriram.ec at gmail.com
Fri Jul 29 07:50:34 CEST 2016
Hi,
We are using strongswan - 5.3.0. To make use of the ikev2 fragmentation
feature that is available since 5.2.1, we enabled fragmentation=yes in
ipsec.conf and fragment_size = 1200. The device mtu is 1500.
Feature gets enabled as the security gateway also supports
IKEV2_FRAGMENTATION_SUPPORTED payload.
But the concern is fragment size, though it is set as 1200, fragment_size
of 576 is seen in the wireshark.
What could be the reason for this ?
Without this feature enabled, IP does the fragmentation of ike packets only
if the packet size crosses 1500.
Regards,
Sriram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160729/15c772c9/attachment.html>
More information about the Users
mailing list