I'm wondering if we should make this the default. I'm seeing no breakage
as a result of using it, and it fixes things with some annoying network
configurations.
Index: iked.conf.5
===================================================================
RCS file: /cvs/src/sbin/iked/iked.conf.5,v
retrieving revision 1.55
diff -u -p -r1.55 iked.conf.5
--- iked.conf.5 11 May 2019 16:30:23 -0000 1.55
+++ iked.conf.5 24 Aug 2019 09:28:01 -0000
@@ -139,9 +139,9 @@ This mode is only useful for testing and
.It Ic set fragmentation
Enable IKEv2 Message Fragmentation (RFC 7383) support.
This allows IKEv2 to operate in environments that might block IP fragments.
+This is the default.
.It Ic set nofragmentation
Disables IKEv2 Message Fragmentation support.
-This is the default.
.It Ic set mobike
Enable MOBIKE (RFC 4555) support.
This is the default.
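Review bot: in the iked.conf.5 hunk, "This is the default." moves to the `set fragmentation` entry, but nothing tells an administrator with an existing iked.conf that behaviour changes when neither keyword is present. Consider adding a sentence under `set nofragmentation` saying it restores the previous behaviour. While touching that entry, "Disables" could become "Disable" to match "Enable" in the neighbouring entries.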
Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.81
diff -u -p -r1.81 parse.y
--- parse.y 28 Jun 2019 13:32:44 -0000 1.81
+++ parse.y 24 Aug 2019 09:28:01 -0000
@@ -106,7 +106,7 @@ static int rules = 0;
static int passive = 0;
static int decouple = 0;
static int mobike = 1;
-static int fragmentation = 0;
+static int fragmentation = 1;
static char *ocsp_url = NULL;
struct ipsec_xf {
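Review bot: the default for `fragmentation` is written as a literal 1 in this static initializer and again in the reset inside parse_config(), so the two have to be changed together, as this patch does. A single named constant for the default, used in both places, would keep the initializer and the reset from drifting apart.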
@@ -1586,7 +1586,7 @@ parse_config(const char *filename, struc
free(ocsp_url);
mobike = 1;
- fragmentation = 0;
+ fragmentation = 1;
decouple = passive = 0;
ocsp_url = NULL;
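Review bot: the reset to `fragmentation = 1` in parse_config() changes behaviour for every configuration that sets neither `set fragmentation` nor `set nofragmentation`, and the lines shown here do not cover how the flag is used during negotiation. Before this goes in, it is worth confirming that a peer without RFC 7383 support still completes the exchange with the new default, and recording in the commit message which peers were tested.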