Hi strongSwan developers, sometimes I have problems to build up a VPN connection to strongswan with my Windows clients because of misconfigured or broken routers dropping IP fragments. A few months ago I tried to enable IKEv1 fragmentation support for Windows clients with a small patch. This works for Windows XP clients, but breaks Windows 7 l2tp/ipsec clients. It seems Windows 7 ignores IKE fragments for the second exchange. As a quick workaround I set fragment_size = 1196. In my case now only messages containing certificates are sent as IKE fragments, which makes Windows 7 clients work again.
Now I have a few patches which enable just this behaviour. With fragmentation=onlycerts strongswan only sends IKE fragments if the peer supports it and the message contains certificates. Before I continue I would like to know if this is something you can accept for the repository? Thanks, Volker _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users