[strongSwan] [Strongswan-5.3.0] - Ikev2 fragmentation Question

Tobias Brunner tobias at strongswan.org
Fri Jul 29 10:18:19 CEST 2016


Hi Sriram,

> But the concern is fragment size, though it is set as 1200,
> fragment_size of 576 is seen in the wireshark.

I'm assuming for packets sent by the gateway.  The fragment size is not
negotiated, so the gateway might just default to the minimum datagram
size a host must be able to accept, which is 576 for IPv4.

If it is for packets sent by the client make sure the
charon.fragment_size setting you configured is actually picked up (i.e.
you edited the right file) and it does not get changed by e.g. an
included config file.

Regards,
Tobias



More information about the Users mailing list