[Openswan Users] udp fragmented ike packet

Marco Berizzi pupilla at hotmail.com
Fri Dec 22 11:09:19 EST 2006


Jacco de Leeuw wrote:


> Marco Berizzi wrote:
>
> > I have a strange problem with a Windows XP SP2
> > roadwarrior behind an ADSL router (the router
> > is also [P]NATting) and a Linux 2.6.19.1 with
> > Openswan 2.4.7
>
> Does it work without NAT?

I cannot try without NAT. I cannot touch the router,
it is a black box for me :-((

> > and this is the tcpdump on the public Openswan interface:
>
> tcpdump on the machine itself doesn't provide entirely
> reliable results with NETKEY.

Why not?

> Or did you use a separate machine
> for the tcpdump?

No. The tcpdump is taken on the public Openswan box
interface.

> > As you may see the UDP IKE packets are fragmented.
> > Is this a problem for Openswan?
>
> As far as I know Openswan does not support IKE fragmentation.

Ahh, I didn't know this...
Is there a way to disable it in Windows XP SP2?

> It's an unofficial extension by Cisco. Racoon (ipsec-tools)
> supports it ("ike_frag on").
>
> Jacco

Thanks for the reply.



