Hello Serge, > Hello, > > I made some homework and found out different elements, which may help to > troubleshoot. > >>> This packet was a large packet and was sent as two UDP fragments. > What looked like to be a packet fragmentation, in fact appeared to be two > different CAs sent in the key exchange. > I had 2 CAs in the "cacert" folder due to the coming expiration of one of > them. So I removed the expired one and the packet duplication was solved. >
sorry, but I doubt this solved your fragmentation problem. To be sure I suggest you once again initiate a ikev2 connection and capture the packets with tcpdump on both sides at the same time. Something like root@bt:~ # tcpdump -i eth0 -n -v -s 0 'host 192.168.4.10' root@karma:~ # tcpdump -i eth0 -n -v -s 0 'host 192.168.4.87' And I would also like to see # tail -f /var/log/messages | grep 'charon:' from both sides. Btw. did you read the strongswan documentation about ikev1 fragmentation? Especially the part since which strongswan version it is available? Ikev1 doesn't help here. Regards, Volker _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users