[Swan-dev] VID and IKE v2

Paul Wouters paul at nohats.ca
Sat Oct 4 02:25:17 EEST 2014


On Fri, 3 Oct 2014, D. Hugh Redelmeier wrote:

> complete_v1_state_transition copies these VID settings from md to st:
> fragvid, dpd, nortel
>
> complete_v2_state_transition does not.
>
> Are these VID settings meaningful in v2?

Mostly not. The nortel one is a workaround for Nortel, ikev1 only. The
dpd is to see if the remote supports DPD, but that's a mandatory part
of ikev2, so we don't need that either.

Fragmentation will be done differently in ikev2 unfortunately, using:

https://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-fragmentation-10

Although nothing stops us from adding a Notify type that would mean
support for "ikev1 style" fragmentation (as the method is completely
agnostic to the IKE version).

Paul

