[strongSwan] Question about IKE frag

Tobias Brunner tobias at strongswan.org
Fri Apr 28 15:30:45 CEST 2017


Hi Emeric,

>>> We would expect A to fragment messages since B can accept them anyway?
>>
>> No, it only will accept fragmented messages if A sends them even if not
>> negotiated.  But B will only negotiate fragmentation (and thus enable it
>> if A wants to use it) if the option is set to yes.
>>
> 
> Then if A really wants to fragment its output messages, there is no option to force it?

No, doing so without negotiating it isn't legal (only for IKEv1 when the
first message is already fragmented, which is the main reason fragmented
messages are always defragmented).  But the option is enabled by default
since 5.5.1 anyway.

Regards,
Tobias


