Marco Berizzi pupilla at hotmail.com
Fri Dec 22 11:09:19 EST 2006

Jacco de Leeuw wrote:

> Marco Berizzi wrote:
> > I have a strange problem with a Windows XP SP2
> > roadwarrior behind an adsl router (the router
> > is also [P]NATting) and a linux with
> > openswan 2.4.7
> Does it work without NAT?

I cannot try without NAT. I cannot touch the router,
it is a black box for me :-((

> > and this is the tcpdump on the public openswan interface:
> tcpdump on the machine itself doesn't provide entirely
> reliable results with NETKEY.

Why not?

> Or did you use a separate machine
> for the tcpdump?

No. The tcpdump is taken on the public openswan box.

> > As you may see the udp ike packets are fragmented.
> > Is this a problem for openswan?
> As far as I know Openswan does not support IKE fragmentation.

Ahh, I didn't know this...
Is there a way to disable it in Windows XP SP2?

> It's an unofficial extension by Cisco. Racoon (ipsec-tools)
> supports it ("ike_frag on").
> Jacco

Thanks for the reply.

