Hi Pavan, > 1. Why isnt *charon.fragment_size* enabled by default in code i.e. IKE > FRAG Enabled by default ? > What is the rationale behind it to enable specifically in strong > swan.conf
As documented on [1] or in the man page, you don't have to set that value in strongswan.conf. If it is not specified address family specific default values apply (1280 for IPv6 and 576 for IPv4). But IKE fragmentation has to be enabled explicitly with fragmentation=yes in ipsec.conf or swanctl.conf. > 2. What are the frag size supported in case of IPv4 and IPv6 ? Or > implementation is same in the code. As documented, whatever you set in charon.fragment_size is used for both address families. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
