:) > overridemtu only helps with IPsec ESP payload packets and the
Yes. It doesn't help while changing MTU on the interface really helps, of course: ip link set eth1 mtu 1200 This is in my case. > KLIPS IPsec stack from the FreeS/WAN project. It does not help I have: Using Linux 2.6 IPsec interface code So no way. > with IKE because the messages MI3 and MR3 cannot be logically > split into two UDP datagrams (some VPN vendors have a proprietary > FRAGMENTATION option.though, which strongSwan does not support). It's correct though it's a pitty. > I'm not sure if strongSwan 2.8.8 already supports the leftsendcert= > option which would allow a third workaround: I think it even works. > On both sides install the peer certificate locally and disable > the sending of certificate requests and certificates: > > config setup > nocrsend=yes > > conn myconn > leftcert=myCert.pem > leftsendcert=never > rightcert=peerCert.pem Yes. It works as I already said it. Best regards, Michael. _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
