[strongSwan] Fragmentation before encryption

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed May 17 15:01:29 CEST 2017


Hello Marie,

On 17.05.2017 03:35, Marie Luo wrote:
>
> But it doesn't appear to have any effect on the way strongSwan fragments and encrypts large packets; the large packets are always encrypted before fragmentation.

It has nothing to do with strongSwan, only with the kernel.
The kernel does not do fragmentation before encryption with XFRM. I don't know about pfkey, but because it's the same code and pfkey is just another API to XFRM,
it will probably behave the same.

Kind regards
Noel
