[Openswan Users] udp fragmented ike packet

Jacco de Leeuw jacco2 at dds.nl
Fri Dec 22 10:50:29 EST 2006


Marco Berizzi wrote:

> I have a strange problem with a windows XPsp2
> roadwarrior behind an adsl router (the router
> is also [P]NATting) and a linux 2.6.19.1 with
> openswan 2.4.7

Does it work without NAT?

> and this is the tcpdump on the public openswan interface:

tcpdump on the machine itself doesn't provide entirely
reliable results with NETKEY. Or did you use a separate machine
for the tcpdump?

> As you may see the udp ike packets are fragmented.
> Is this a problem for openswan?

As far as I know Openswan does not support IKE fragmentation.
It's an unofficial extension by Cisco. Racoon (ipsec-tools)
supports it ("ike_frag on").

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


