On Tue, 21 Mar 2017, Xinwei Hong wrote:
We noticed that the packets are fragmented around 332bytes (raw data about 244B). This value is much smaller than what we expected and it affects performance. Is this configurable? I noticed we have a ike-frag option, but that sounds like only apply to IKE, not to IPSEC esp packets. The sender sends packet with size around 1000B.
You can set mtu= which causes a route to be added with the specified mtu to work around this. But IPsec is not fragmenting at 332 bytes. In fact, isn't that smaller then the minimum allowed MTU size? It seems you have another non-IPsec problem on your network that needs addressing. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
