Hello,

I have installed strongswan-5.2.0 on both the Linux peers. I'm trying to establish the tunnel using certificates. Since I have 2 levels of certificate authorities (SubCA and RootCA), the IKE_AUTH message containing cert payloads is exceeding the MTU (1500).

IKE_AUTH is getting fragmented after encryption at layer 3. This situation is OK, as the other end, which is also a Linux box, is able to reassemble and decrypt. But the large IKE_AUTH getting fragmented at the IP level is not desirable because of some firewall rules. So I want to enable the fragmentation feature, where multiple IKE_AUTHs are sent. For that reason I added "fragmentation=yes" in ipsec.conf on both the peers, but it does not take effect.

Let me know if I need to do something other than adding fragmentation=yes in ipsec.conf. I even tried with fragmentation=force, but that didn't help either.

Any help in this regard is appreciated.

Regards,
Sriram.
