Hi Steffen, > Strongswan 5.2.2 on linux (centos 6) IKEv2 configuration for windows > clients I have the following problem:
> My more specific question is why is the outgoing UDP packet size > greater than the MTU size on the interface? In an IKE_AUTH response, the large part of the message is probably the exchanged certificate. You may try to generate a smaller server certificate (chain) so that this message fits in your MTU. > I have tried to modify the charon.fragment_size and conn specific > fragmentation settings and cannot get this modify the behavior. IKEv2 fragmentation is a protocol extension (RFC 7383), and AFAIK it is not supported in the Windows client. So you can't use it with these clients, but have to try to avoid messages larger than your MTU to get things working on such constrained networks. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
