-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi folks,
I am using IPv6 over IPv4 at home (via sixxs.net). No NAT. Problem: The mtu of this tunnel is less than 1500. On the first run IKEv2 on my Mac fails with icmp6 "Packet Too Big". Since the protocol is udp there is no packet to fragment and resend, which means a 10 seconds delay until a higher network layer wakes up and tries to authenticate again. Then it works. Looking at this I wonder if it is reasonable to ignore 500/tcp for Strongswan? Of course I saw https://wiki.strongswan.org/issues/830, but IMHO the fragment feature in strongsan doesn't really help in this case. The "Packet Too Big" is returned by the IPv6 tunnel. Strongswan on the peer did not see any incoming packet to defragment yet. Every helpful comment is highly appreciated Harri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXipnrAAoJEAqeKp5m04HLRXYIAJat8BC7XiQPY4jhCbL0oc3p JN8w7vJE1s5JvtHN49RqwJUqjdd28F1AIXbxznlJI73WoAkY3UIXmw3jfOsIBO9v F0vp0dvNblgpLzu4JtTvWYZK/R8m7ox5hyV+82Qq53bx5T6XZUx46iUnBaZ18utD DUuL5d38rSSAQ55zev6/JVXFRJPWCyCBX2TPISHlKbEyrffTPe6YJ1TGaRi1jmj1 BRxSnX7PuQDba1iq3N79AD5LZ1vpUFRHiSO9GNaaz+1okiAFfGldW8XXvslK2nRw 9Zq17fkW4lUgT/54NskAGNK2muWAyh6wly0aPHhZ5p68gC/oZpT1t3qnOB3P/hE= =S4lC -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
