ovs-monitor-ipsec: Allow IKE fragmentation

Some (broken) firewalls do not properly pass UDP fragments, which will prevent IKE from completing. This commit enables the racoon option to allow application-level fragmenting and allow security associations to be created.
2025-10-17 14:28:02 +00:00 · 2011-04-27 08:46:38 -07:00
parent 7adfd7bfd1
commit 73976ebdb0
1 changed files with 1 additions and 0 deletions
--- a/debian/ovs-monitor-ipsec
+++ b/debian/ovs-monitor-ipsec
@@ -83,6 +83,7 @@ path certificate "%s";
    cert_entry = """remote %s {
        exchange_mode main;
        nat_traversal on;
+        ike_frag on;
        certificate_type x509 "%s" "%s";
        my_identifier asn1dn;
        peers_identifier asn1dn;