-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Sriram,
As mentioned in the man page, fragmentation isn't supported for IKEv2 yet. Support will be added in the next version of strongSwan. Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 06.08.2014 um 08:14 schrieb Sriram: > Hello, > > I have installed strongswan-5.2.0 on both the linux peers. > I m trying to establish the tunnel using certificates. > Since I have 2 levels of certificate Authorities( SubCA and RootCA) > IKE_AUTH message containing cert payloads is exceeding mtu(1500).. > > IKE_AUTH is getting fragmented after encryption at layer 3. This situation is > ok, as the other end which is also a linux box is able to reassemble and > decrypt.. > But the large IKE_AUTH getting fragmented at ip level is not desirable > because of some firewall rules. > > So I want to enable fragmentation feature, where multiple IKE_AUTHs are sent. > For that reason I added "fragmentation=yes" in ipsec.conf on both the peers. > but it is not taken into effect. > Let me know if I need to do something other than adding fragmentation=yes in > ipsec.conf, even I tried with fragmentation=force, but that didnt help too.. > > Any help in this regard is appreciated. > > Regards, > Sriram. > > > > > > > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJT4dFHAAoJEDg5KY9j7GZYDs8P/24iWWFiqd/WdLCOVpmQEX8l aUu3X5erOs60GtV/NVUW3pQqufWoCWXkdPrWgNwjaGPYbv5eDTDIY1muDs+YDI1f VCqyYDE5M/OvHF9ec7Di+R5cgairTf7iG2zXcKS+6Qtgcqhv2sp9E88xCR/PZ95r CQ6QnO3NXulrJQv9fVkAdFfgAL+FDnYpr2YLN9ltY7PbqlFO4413uQcftru7+zyD oBPFRZm612IWvoQ+j7vL+221j7p56pqUpUeAEvmksDW5aL23WulrjL9e268T9scF msR1TD+/7w4ZPf2eWe56zUnEqnyUfHow8wEhyGACA5UkZQGOFSBM5xwPASnfkxWm e9vbRdpKGG8xYjxJf2Km2Dc2Zk8+OXvIXKN0+EzgeJn8zU3zPirGTcLSfAP/+Mtr 7sTR2yPkvp/cCyKMXop0CXXIu/lmGvHQWEza+C78C26B07/E7osxHmpGTVqYTV9y M1P51MOaNwiqyu6Vi1mwQzC0SioPqY4HwDHML5tiyDjX+To8u7zlgDcSCcd76kT7 iStpHCRmb08h9bi5OX1S063PkTNI01pZiMwAgw3D/hqB48y8WKw3K9fciLcpW3nN 6ccX7io4ZmcumouivLBKWnTUqYIQyuZUAW/jrso5RU5R51LQ9M06VVRmpGKw5lWv Mg3D7yQ0r1vBrWJxSGUa =O4DK -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
