From: Justin Pettit <[email protected]>
Some (broken) firewalls do not properly pass UDP fragments, which will
prevent IKE from completing. This commit enables the racoon option to
allow application-level fragmenting and allow security associations to
be created.
---
debian/ovs-monitor-ipsec | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
index febd569..0a97c88 100755
--- a/debian/ovs-monitor-ipsec
+++ b/debian/ovs-monitor-ipsec
@@ -83,6 +83,7 @@ path certificate "%s";
cert_entry = """remote %s {
exchange_mode main;
nat_traversal on;
+ ike_frag on;
certificate_type x509 "%s" "%s";
my_identifier asn1dn;
peers_identifier asn1dn;
--
1.7.4.4
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
