[Swan-dev] ikev2-frag-02-ipv6 fails due to certificate problems

Tuomo Soini tis at foobar.fi
Sat Jun 20 13:54:47 EEST 2015


On Sat, 20 Jun 2015 04:26:07 -0400 (EDT)
"D. Hugh Redelmeier" <hugh at mimosa.com> wrote:

> I don't think that I had anything to do with this failure (but I
> cannot be sure):

I was staring at: 72ef1f2752b99dc1d962364eb371776337b016bd

Your calculations indicate we have too big value (1240) for
ISAKMP_FRAG_MAXLEN_IPv6.

I really hate this numbers without good explanation. I guess
we need to create a test case with mtu 1280 and router eating udp
fragments to test this out properly. I know I'm guilty to 1240 number
and it's very possible I missed something when I calculated that. It
was mostly guessing because calculation for ike1 ipv4 fragmentation
wasn't even documented.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>


More information about the Swan-dev mailing list