[strongSwan] [Strongswan-5.3.0] - Ikev2 fragmentation Question
sriram.ec at gmail.com
Fri Jul 29 07:50:34 CEST 2016
We are using strongswan - 5.3.0. To make use of the ikev2 fragmentation
feature that is available since 5.2.1, we enabled fragmentation=yes in
ipsec.conf and fragment_size = 1200. The device mtu is 1500.
Feature gets enabled as the security gateway also supports
But the concern is fragment size, though it is set as 1200, fragment_size
of 576 is seen in the wireshark.
What could be the reason for this ?
Without this feature enabled, IP does the fragmentation of ike packets only
if the packet size crosses 1500.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users