[Openswan Users] Fragmentation of ESP Packets on 2.6 linux kernel
Paul Wouters
paul at xelerance.com
Thu Oct 23 16:40:12 EDT 2008
On Tue, 21 Oct 2008, Sujithra P wrote:
>
> I am using ESP in transport mode between IMS SIP Client and PCSCF ( 3GPP 33.203).
> I am running the SIP client on linux kernel using setkey to manage SAs.
> When the ESP packets from the PCSCF are fragmented, the linux kernel is not processing it.
> I am not able to receive the packet at the application.
>
> Linux Version: Linux ubuntu 2.6.24
>
> The following ESP packet is fragmented, but the kernel is not processing it. I am not receiving the packet
> at application. If the ESP packet is not fragmented, it works fine.
Avoid fragmentation of ESP, and make sure you fragment before encryption.
In this case, I would set the 3GPP device's MTU to something like 1472
or even 1440.
Paul
More information about the Users
mailing list