[strongSwan] [Strongswan-5.3.0] - Ikev2 fragmentation Question

Sriram sriram.ec at gmail.com
Fri Jul 29 07:50:34 CEST 2016


We are using strongswan - 5.3.0. To make use of the ikev2 fragmentation
feature that is available since 5.2.1, we enabled fragmentation=yes in
ipsec.conf and fragment_size = 1200. The device mtu is 1500.
Feature gets enabled as the security gateway also supports
But the concern is fragment size, though it is set as 1200, fragment_size
of 576 is seen in the wireshark.
What could be the reason for this ?

Without this feature enabled, IP does the fragmentation of ike packets only
if the packet size crosses 1500.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160729/15c772c9/attachment.html>

More information about the Users mailing list