[Openswan Users] udp fragmented ike packet
Marco Berizzi
pupilla at hotmail.com
Fri Dec 22 11:09:19 EST 2006
Jacco de Leeuw wrote:
> Marco Berizzi wrote:
>
> > I have a strange problem with a Windows XP SP2
> > roadwarrior behind an ADSL router (the router
> > is also [P]NATting) and a Linux 2.6.19.1 with
> > openswan 2.4.7
>
> Does it work without NAT?

I cannot try without NAT. I cannot touch the router,
it is a black box for me :-((

> > and this is the tcpdump on the public openswan interface:
>
> tcpdump on the machine itself doesn't provide entirely
> reliable results with NETKEY.

Why not?

> Or did you use a separate machine
> for the tcpdump?

No. The tcpdump is taken on the public openswan box
interface.

> > As you may see the udp ike packets are fragmented.
> > Is this a problem for openswan?
>
> As far as I know Openswan does not support IKE fragmentation.

Ahh, I didn't know this...
Is there a way to disable it in Windows XP SP2?

> It's an unofficial extension by Cisco. Racoon (ipsec-tools)
> supports it ("ike_frag on").
>
> Jacco

Thanks for the reply.