[strongSwan] Question about IKE frag
Tobias Brunner
tobias at strongswan.org
Thu Apr 27 16:15:43 CEST 2017
Hi Emeric,
> We noticed that for a tunnel between A and B:
> - if A sets the option to "yes" and B sets the option to "no", A does not fragment messages.
> - if A and B set the option to "yes", A does fragment messages respecting the fragmentation_size parameter
>
> Do you confirm this behavior?
Yes.
> We would expect A to fragment messages since B can accept them anyway?
No, it only will accept fragmented messages if A sends them even if not
negotiated. But B will only negotiate fragmentation (and thus enable it
if A wants to use it) if the option is set to yes.
Regards,
Tobias
More information about the Users
mailing list