[Swan-dev] strongswan fragmentation notify payload dropped in later versions?

Paul Wouters paul at nohats.ca
Sat Oct 3 19:11:19 UTC 2015


It seems strongswan has actually shown a regression. I bumped my machine
to use 5.3.3 and did a test where strongswan initiates and we want
fragmentation. It failed to send the notify payload. I then added
fragmentation=yes and it still didn't send the notify:

--- ./west.console.txt  2015-09-17 17:27:01.672530145 -0400
+++ OUTPUT/west.console.txt     2015-10-03 15:01:48.889730298 -0400
@@ -35,6 +35,7 @@
  Loading conn 'westnet-eastnet-ikev2'
    authby=secret
    auto=add
+  fragmentation=yes
    keyexchange=ikev2
    left=192.1.2.45
    leftid=@west
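
Review bot: the added `fragmentation=yes` line in the conn dump means the new run differs from the reference run in configuration as well as in the strongswan version, so the change in the next hunk cannot be attributed to one or the other from this diff alone. Capturing the 5.3.3 output once without the option and once with it, each diffed against the same reference, would separate the two.
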
@@ -49,7 +50,7 @@
  west #
   strongswan up westnet-eastnet-ikev2
  initiating IKE_SA westnet-eastnet-ikev2[1] to 192.1.2.23
-generating IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
+generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
  sending packet: from 192.1.2.45[500] to 192.1.2.23[500] (XXX bytes)
  received packet: from 192.1.2.23[500] to 192.1.2.45[500] (XXX bytes)
  parsed IKE_SA_INIT response 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) ]
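
Review bot: the `+` line of this hunk still contains N(FRAG_SUP); compared with the `-` line it has moved from directly after `No` to after N(NATD_D_IP), so as captured here the IKE_SA_INIT request differs only in notify order, not in which notifies it carries. If the test is meant to check that fragmentation support is announced, compare the bracketed payload list as a set (or sanitize the notify order before diffing) so that a reorder is not reported as a failure.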


I have to dive into why this notification payload is no longer
appearing.... But it's not due to bad versions of strongswan, which I
told people before....

Paul

