I'm wondering if we should make this the default. I'm seeing no breakage as a result of using it, and it fixes things with some annoying network configurations.
Index: iked.conf.5 =================================================================== RCS file: /cvs/src/sbin/iked/iked.conf.5,v retrieving revision 1.55 diff -u -p -r1.55 iked.conf.5 --- iked.conf.5 11 May 2019 16:30:23 -0000 1.55 +++ iked.conf.5 24 Aug 2019 09:28:01 -0000 @@ -139,9 +139,9 @@ This mode is only useful for testing and .It Ic set fragmentation Enable IKEv2 Message Fragmentation (RFC 7383) support. This allows IKEv2 to operate in environments that might block IP fragments. +This is the default. .It Ic set nofragmentation Disables IKEv2 Message Fragmentation support. -This is the default. .It Ic set mobike Enable MOBIKE (RFC 4555) support. This is the default. Index: parse.y =================================================================== RCS file: /cvs/src/sbin/iked/parse.y,v retrieving revision 1.81 diff -u -p -r1.81 parse.y --- parse.y 28 Jun 2019 13:32:44 -0000 1.81 +++ parse.y 24 Aug 2019 09:28:01 -0000 @@ -106,7 +106,7 @@ static int rules = 0; static int passive = 0; static int decouple = 0; static int mobike = 1; -static int fragmentation = 0; +static int fragmentation = 1; static char *ocsp_url = NULL; struct ipsec_xf { @@ -1586,7 +1586,7 @@ parse_config(const char *filename, struc free(ocsp_url); mobike = 1; - fragmentation = 0; + fragmentation = 1; decouple = passive = 0; ocsp_url = NULL;
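Review bot: in the iked.conf.5 hunk at line 139, the entry for set nofragmentation is left as a bare one-line description once "This is the default." moves up, while any configuration that sets neither option changes behaviour with this patch. Consider adding a sentence under set nofragmentation saying that it restores the previous default, so an administrator who sees a difference after upgrading can find the switch from the manual page.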
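Review bot: in parse.y the fragmentation default is written in two places, the static initializer at line 106 and the reset in parse_config() at line 1586, and both must agree with each other and with iked.conf.5. The patch updates both, so it is correct as posted, but the duplication is what makes a change like this easy to get half right. A short comment at the reset in parse_config() noting that these values mirror the initializers above (the same applies to mobike = 1 next to it) would help the next person who changes a default.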