Scénario #15346
Mis à jour par Fabrice Barconnière il y a environ 8 ans
bonjour,
c'est loin ( pas si loin que ça ;-) ) loin, mais ne ce serait-il pas intéressant d'implémenter *fragmentation interessant d'implementer fragmentation = yes* yes sur la version 2.6
Dans *ipsec.conf* :
* *fragmentation fragmentation = yes | force | no* no
Dans *strongswan.conf* :
* Charger le plugin lié charon.plugins.kernel-netlink
** mss à templatiser
** mtu à templatiser
Exemple :
<pre>
.......
.......
charon {
load_modular = yes
.......
.......
plugins {
kernel-netlink {
mtu = 1300
mss = 1300
}
}
.......
.......
}
.......
.......
</pre>
<pre>
whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2 fragmentation as per RFC 7383).
Fragmented messages sent by a peer are always accepted irrespective of the value of this option.
If set to yes and the peer supports it, larger IKE messages will be sent in fragments (the maximum fragment size
can be configured in strongswan.conf). If set to force (only supported for IKEv1) the initial IKE message will already
be fragmented if required.
Available for IKEv1 connections since 5.0.2 and for IKEv2 connections since 5.2.1.
</pre>
c'est loin ( pas si loin que ça ;-) ) loin, mais ne ce serait-il pas intéressant d'implémenter *fragmentation interessant d'implementer fragmentation = yes* yes sur la version 2.6
Dans *ipsec.conf* :
* *fragmentation fragmentation = yes | force | no* no
Dans *strongswan.conf* :
* Charger le plugin lié charon.plugins.kernel-netlink
** mss à templatiser
** mtu à templatiser
Exemple :
<pre>
.......
.......
charon {
load_modular = yes
.......
.......
plugins {
kernel-netlink {
mtu = 1300
mss = 1300
}
}
.......
.......
}
.......
.......
</pre>
<pre>
whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2 fragmentation as per RFC 7383).
Fragmented messages sent by a peer are always accepted irrespective of the value of this option.
If set to yes and the peer supports it, larger IKE messages will be sent in fragments (the maximum fragment size
can be configured in strongswan.conf). If set to force (only supported for IKEv1) the initial IKE message will already
be fragmented if required.
Available for IKEv1 connections since 5.0.2 and for IKEv2 connections since 5.2.1.
</pre>