[strongSwan] Question about IKE frag
Emeric POUPON
emeric.poupon at stormshield.eu
Fri Apr 28 10:52:43 CEST 2017
Hello,
>> We noticed that for a tunnel between A and B:
>> - if A sets the option to "yes" and B sets the option to "no", A does not
>> fragment messages.
>> - if A and B set the option to "yes", A does fragment messages respecting the
>> fragmentation_size parameter
>>
>> Do you confirm this behavior?
>
> Yes.
>
>> We would expect A to fragment messages since B can accept them anyway?
>
> No, it only will accept fragmented messages if A sends them even if not
> negotiated. But B will only negotiate fragmentation (and thus enable it
> if A wants to use it) if the option is set to yes.
>
Then if A really wants to fragment its output messages, there is no option to force it?
Regards,
Emeric
More information about the Users
mailing list